github-actions[bot] opened issue #13175:
Reachable panic in certificate revocation list parsing
Details
Package: rustls-webpki
Version: 0.103.12
Date: 2026-04-22
Patched versions: >=0.103.13, <0.104.0-alpha.1,>=0.104.0-alpha.7

A panic was reachable when parsing certificate revocation lists via [BorrowedCertRevocationList::from_der] or [OwnedCertRevocationList::from_der]. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of an IssuingDistributionPoint CRL extension.

This panic is reachable prior to a CRL's signature being verified.
Applications that do not use CRLs are not affected.
Thank you to @tynus3 for the report.
See advisory page for additional details.
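
The failure class named in the advisory, as an added Rust example that is not rustls-webpki's code or its fix: a decoder for the onlySomeReasons BIT STRING that returns an error or an empty flag set for every short input instead of indexing into bytes that may not exist. The function name, error type and sample bytes are assumptions constructed for illustration; only short-form DER lengths are handled.

```rust
// Added illustration; hypothetical names, not the rustls-webpki API.
#[derive(Debug, PartialEq)]
pub enum BitStringError { Truncated, BadTag, BadUnusedBits, NonZeroPadding, TooLong }

/// Decodes `[3] IMPLICIT ReasonFlags` (RFC 5280) from a complete TLV.
/// Bit N of the returned mask is named bit N (keyCompromise = 1 ... aACompromise = 8).
pub fn parse_only_some_reasons(tlv: &[u8]) -> Result<u16, BitStringError> {
    let (&tag, rest) = tlv.split_first().ok_or(BitStringError::Truncated)?;
    if tag != 0x83 {
        return Err(BitStringError::BadTag);
    }
    let (&len, content) = rest.split_first().ok_or(BitStringError::Truncated)?;
    if len >= 0x80 {
        return Err(BitStringError::TooLong); // long-form length: out of scope here
    }
    if content.len() != len as usize {
        return Err(BitStringError::Truncated);
    }
    // The first content octet (count of unused bits) is mandatory, even when
    // the BIT STRING carries no value octets at all.
    let (&unused, value) = content.split_first().ok_or(BitStringError::Truncated)?;
    if unused > 7 || (value.is_empty() && unused != 0) {
        return Err(BitStringError::BadUnusedBits);
    }
    // Syntactically valid empty BIT STRING: no flags set, nothing to index.
    if value.is_empty() {
        return Ok(0);
    }
    if value.len() > 2 {
        return Err(BitStringError::TooLong); // ReasonFlags defines only 9 bits
    }
    // DER requires the unused trailing bits of the last octet to be zero.
    let last = value[value.len() - 1];
    if last & ((1u8 << unused) - 1) != 0 {
        return Err(BitStringError::NonZeroPadding);
    }
    let mut mask = 0u16;
    for (i, byte) in value.iter().copied().enumerate() {
        for bit in 0..8usize {
            if byte & (0x80u8 >> bit) != 0 {
                mask |= 1u16 << (i * 8 + bit);
            }
        }
    }
    Ok(mask)
}

fn main() {
    // Constructed sample: empty BIT STRING under the [3] context tag.
    println!("{:?}", parse_only_some_reasons(&[0x83, 0x01, 0x00]));
}
```
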
alexcrichton closed issue #13175:
Reachable panic in certificate revocation list parsing
Last updated: May 03 2026 at 22:13 UTC