diff --git a/ChangeLog.d/max_pathlen.txt b/ChangeLog.d/max_pathlen.txt new file mode 100644 index 000000000..ff56a4e59 --- /dev/null +++ b/ChangeLog.d/max_pathlen.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix undefined behavior in X.509 certificate parsing if the + pathLenConstraint basic constraint value is equal to INT_MAX. + The actual effect with almost every compiler is the intended + behavior, so this is unlikely to be exploitable anywhere. #3196