Impact
This vulnerability could enable a man-in-the-middle attack using a fake chain that ends in a known, trusted ROOT certificate.
Workarounds
Do not send the ROOT certificate in the chain: it is optional, and the bug only occurred when the ROOT certificate was sent.
Affected/Unaffected Versions
A version greater than or equal to one of the listed patched versions is unaffected; otherwise, a version that satisfies an expression listed under affected versions is affected, and one that does not is unaffected.
The documentation of the new OTP version scheme describes how versions should be compared.
Credits
Thanks to Finder Marcus Johansson