GHSA-f5v5-ccqc-6w36: async-nats vulnerable to TLS certificate common name validation bypass

March 24, 2023

The NATS official Rust clients are vulnerable to MitM when using TLS.

The common name of the server’s TLS certificate is validated against the hostname provided by the server’s plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field’s value by substituting it with the common name of a valid certificate it controls, fooling the client into accepting it.

References

github.com/advisories/GHSA-f5v5-ccqc-6w36
github.com/nats-io/nats.rs
github.com/nats-io/nats.rs/commit/817a7b942c462fa9d9938dcb62124173634132fb
rustsec.org/advisories/RUSTSEC-2023-0027.html

Detect and mitigate GHSA-f5v5-ccqc-6w36 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →