Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.
1:23.2.6+dfsg-1build11:24.1.1+dfsg-11:24.1.4+dfsg-11:24.1.5+dfsg-11:24.1.5+dfsg-1ubuntu11:24.2+dfsg-11:24.2.1+dfsg-11:24.2.1+dfsg-1ubuntu0.11:24.2.1+dfsg-1ubuntu0.21:24.2.1+dfsg-1ubuntu0.3+3 more1:25.2.3+dfsg-11:25.3.2.8+dfsg-11:25.3.2.8+dfsg-1ubuntu11:25.3.2.8+dfsg-1ubuntu31:25.3.2.8+dfsg-1ubuntu41:25.3.2.8+dfsg-1ubuntu4.11:25.3.2.8+dfsg-1ubuntu4.21:25.3.2.8+dfsg-1ubuntu4.31:25.3.2.8+dfsg-1ubuntu4.41:25.3.2.8+dfsg-1ubuntu4.5+1 more1:27.3+dfsg-1ubuntu11:27.3+dfsg-1ubuntu1.11:27.3.4.1+dfsg-11:27.3.4.1+dfsg-1build11:27.3.4.1+dfsg-1ubuntu0.11:27.3.4.1+dfsg-1build11:27.3.4.3+dfsg-11:27.3.4.4+dfsg-11:27.3.4.6+dfsg-11:16.b.1-dfsg-4ubuntu11:16.b.2-dfsg-1ubuntu11:16.b.2-dfsg-2ubuntu11:16.b.3-dfsg-1ubuntu11:16.b.3-dfsg-1ubuntu21:16.b.3-dfsg-1ubuntu2.11:16.b.3-dfsg-1ubuntu2.21:16.b.3-dfsg-1ubuntu2.2+esm11:18.0-dfsg-1ubuntu11:18.0-dfsg-1ubuntu21:18.2-dfsg-2ubuntu11:18.3-dfsg-1ubuntu11:18.3-dfsg-1ubuntu21:18.3-dfsg-1ubuntu31:18.3-dfsg-1ubuntu3.11:18.3-dfsg-1ubuntu3.1+esm11:18.3-dfsg-1ubuntu3.1+esm21:20.0.4+dfsg-1ubuntu11:20.1.2+dfsg-1ubuntu11:20.1.3+dfsg-1ubuntu11:20.1.4+dfsg-1ubuntu11:20.1.5+dfsg-1ubuntu11:20.1.6+dfsg-1ubuntu11:20.1.7+dfsg-1ubuntu11:20.2.1+dfsg-1ubuntu11:20.2.2+dfsg-1ubuntu11:20.2.2+dfsg-1ubuntu2+2 more1:22.0.7+dfsg-1build11:22.2+dfsg-11:22.2.1+dfsg-11:22.2.2+dfsg-11:22.2.3+dfsg-11:22.2.3+dfsg-21:22.2.4+dfsg-11:22.2.7+dfsg-11:22.2.7+dfsg-1ubuntu0.21:22.2.7+dfsg-1ubuntu0.3+3 moreExploitability
AV:NAC:HAT:PPR:NUI:PVulnerable System
VC:HVI:HVA:NSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N