rustls-webpki Wildcard Certificate Validation Flaw Bypasses Name Constraints
A validation vulnerability in `rustls-webpki` versions prior to 0.103.12 and certain 0.104.0-alpha releases allows wildcard DNS certificates to escape permitted subtree name constraints, potentially allowing a certificate misissued beyond the intended restrictions to be accepted. The flaw, tracked as GHSA-xgp8-3hg3-c2mh, stems from the library accepting a wildcard assertion such as `*.example.com` as compliant with a name constraint of `accept.example.com`, even though that wildcard also matches `reject.example.com`, which falls outside the constrained namespace.
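The check described above, modelled as an added example: this is not rustls-webpki's code, and the function names are hypothetical. It contrasts a matcher that lets the `*` label stand in for a constraint label with one that requires the wildcard's whole suffix to sit inside the permitted subtree.

```rust
// Illustrative model of the advisory's behaviour, not the library's source.
// All function names here are hypothetical.

/// RFC 5280 DNS subtree rule: a name is inside the subtree if it equals the
/// constraint or is formed by adding labels to the left of it.
fn in_subtree(name: &str, constraint: &str) -> bool {
    let (n, c) = (name.to_ascii_lowercase(), constraint.to_ascii_lowercase());
    c.is_empty() || n == c || n.ends_with(&format!(".{}", c))
}

/// Flawed model: labels are compared right to left and a `*` label is
/// accepted in place of any constraint label.
fn permitted_flawed(presented: &str, constraint: &str) -> bool {
    let p: Vec<&str> = presented.rsplit('.').collect();
    let c: Vec<&str> = constraint.rsplit('.').collect();
    constraint.is_empty()
        || (p.len() >= c.len()
            && c.iter().zip(&p).all(|(cl, pl)| *pl == "*" || pl.eq_ignore_ascii_case(cl)))
}

/// Strict model: every name a wildcard can match is <label>.<suffix>, and
/// all of those are inside the subtree only if the suffix itself is.
fn permitted_strict(presented: &str, constraint: &str) -> bool {
    match presented.strip_prefix("*.") {
        Some(suffix) => in_subtree(suffix, constraint),
        None => in_subtree(presented, constraint),
    }
}

fn main() {
    // Constructed sample names, using the advisory's example constraint.
    let constraint = "accept.example.com";
    let names = [
        "*.example.com",
        "*.accept.example.com",
        "www.accept.example.com",
        "reject.example.com",
    ];
    for name in names {
        println!(
            "{:<24} flawed={:<5} strict={}",
            name,
            permitted_flawed(name, constraint),
            permitted_strict(name, constraint)
        );
    }
}
```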
The security advisory, credited to researcher @1seal, notes that the bug operates downstream of signature verification. Since name constraints function as restrictions on certificates that have already passed cryptographic validation, exploitation requires a misissued certificate, which depends on compromised or negligent certificate authority behavior rather than on a directly exposed attack surface. The issue mirrors CVE-2025-61727, a similar flaw discovered in Go's crypto libraries, suggesting a class of validation oversights across certificate parsing implementations.
Users of `rustls-webpki` are advised to upgrade to version 0.103.12 or later (for the 0.103.x branch) or 0.104.0-alpha.6 and above (for the alpha channel). Organizations relying on `rustls-webpki` for TLS certificate validation in security-sensitive environments should assess whether their deployments enforce name constraints and determine their exposure, given that name constraint checking only comes into play after signature verification has succeeded. The rustls team has confirmed the patch, though no active exploitation has been reported as of the advisory's publication.