Botan Case-Insensitive CN Values Bypass DNS Name Constraints Vulnerability

Vulnerability

A vulnerability exists in Botan, a C++ cryptography library, in versions prior to 3.11.0. The issue arises when processing X.509 certificate paths that carry name constraints restricting the allowable DNS names. If the end-entity certificate has no subject alternative name (SAN), Botan falls back to checking that the subject common name (CN) satisfies the DNS name constraints. This fallback check is not required by RFC 5280 (which applies dNSName constraints to SAN entries only), and Botan's implementation of it compared names case-sensitively, even though DNS names are case-insensitive. As a result, a certificate with CN=Sub.EVIL.COM and no subject alternative name was not matched against an excludedSubtrees entry for evil.com and so bypassed the exclusion. The comparison has been corrected in version 3.11.0.
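The following is an added example, not Botan's own code, that models the check described above in a few lines of C++: the end-entity certificate is reduced to a constructed struct holding its CN and any SAN dNSName entries, dNSName subtree matching follows RFC 5280 section 4.2.1.10 (a constraint covers the name itself and any name under it), and the `case_fold` flag switches between the flawed case-sensitive comparison and the case-folded comparison that closes the bypass. The struct, function names and the exclusion list are assumptions made for this illustration.

```cpp
// Added example (not Botan's code): a minimal model of the DNS name constraint
// check from the advisory, with the case-sensitive comparison beside the fix.
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// ASCII-lowercase a DNS name. DNS names are case-insensitive (RFC 4343),
// so name constraints must be compared after folding case.
std::string ascii_lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// RFC 5280 4.2.1.10 dNSName subtree matching: a constraint "evil.com"
// covers "evil.com" itself and any name ending in ".evil.com".
// A leading dot on the constraint is tolerated and ignored.
bool dns_name_in_subtree(const std::string& name, const std::string& constraint) {
    std::string c = constraint;
    if (!c.empty() && c[0] == '.') c.erase(0, 1);
    if (c.empty()) return false;
    if (name == c) return true;
    if (name.size() > c.size() &&
        name.compare(name.size() - c.size(), c.size(), c) == 0) {
        // The constraint must match on a label boundary ("notevil.com" is not covered).
        return name[name.size() - c.size() - 1] == '.';
    }
    return false;
}

// Stand-in for the end-entity certificate fields the check looks at.
// (Constructed for this example; a real certificate would be parsed by Botan.)
struct EndEntity {
    std::string common_name;            // subject CN
    std::vector<std::string> san_dns;   // dNSName entries from the SAN, possibly empty
};

// Names that get checked against the constraints: the SAN dNSNames when present,
// otherwise (the optional, non-RFC fallback the advisory describes) the CN.
std::vector<std::string> names_to_check(const EndEntity& ee) {
    if (!ee.san_dns.empty()) return ee.san_dns;
    return {ee.common_name};
}

// Returns true if the certificate is acceptable under the excludedSubtrees list.
// case_fold=false reproduces the flawed comparison; case_fold=true is the corrected one.
bool passes_excluded_subtrees(const EndEntity& ee,
                              const std::vector<std::string>& excluded_dns,
                              bool case_fold) {
    for (const std::string& raw : names_to_check(ee)) {
        const std::string name = case_fold ? ascii_lower(raw) : raw;
        for (const std::string& raw_c : excluded_dns) {
            const std::string c = case_fold ? ascii_lower(raw_c) : raw_c;
            if (dns_name_in_subtree(name, c)) return false;  // name falls in an excluded subtree
        }
    }
    return true;
}

// The advisory's case: CN=Sub.EVIL.COM, no SAN, excludedSubtrees contains evil.com.
// With the flawed comparison the certificate is accepted (bypass).
bool demo_bypass_with_flawed_check() {
    EndEntity ee{"Sub.EVIL.COM", {}};
    return passes_excluded_subtrees(ee, {"evil.com"}, /*case_fold=*/false);
}

// Same certificate under the corrected comparison: rejected.
bool demo_rejected_with_fixed_check() {
    EndEntity ee{"Sub.EVIL.COM", {}};
    return passes_excluded_subtrees(ee, {"evil.com"}, /*case_fold=*/true);
}

// When a SAN is present the CN is never consulted, so the CN fallback (and its
// bug) is not reached even though the CN is inside the excluded subtree.
bool demo_san_present_cn_ignored() {
    EndEntity ee{"Sub.EVIL.COM", {"app.example.net"}};
    return passes_excluded_subtrees(ee, {"evil.com"}, /*case_fold=*/false);
}
```

The two demo functions differ only in the `case_fold` argument; that single comparison is the whole of the defect. The third shows why the bypass needs a certificate without a SAN: with a SAN present the CN path is never taken.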

Impact

Bypassing an excludedSubtrees name constraint means Botan accepts an end-entity certificate that the constraining CA was never permitted to issue: any certificate with a mixed-case CN, no subject alternative name, and a chain through a CA whose constraints should have excluded that name is treated as valid. An attacker who can obtain such a certificate from a constrained issuer can present it to relying parties built on Botan and have the DNS exclusion silently ignored. The bypass requires a certificate with no SAN, so relying parties that already reject SAN-less certificates are not reached by it. The issue matters most in enterprise or government PKI environments that rely on name constraints to limit what a subordinate CA may issue, such as US FPKI, EU eIDAS, and CA/Browser Forum Baseline Requirements section 7.1.5.

Remediation

Upgrade to Botan version 3.11.0 or later, which compares DNS names case-insensitively in this check. Until the upgrade is deployed, relying parties that require a subject alternative name on end-entity certificates are not exposed to this particular bypass.

Added: Mar 30, 2026, 9:28 PM
Updated: Mar 30, 2026, 9:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 7.0
remediation: 0.0
relevance: 4.9
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.