Affected versions of this package are vulnerable to Improper Certificate Validation. It is possible to trigger an assertion on a TLS server with a malformed certificate string.
X509V3_EXT_print can return value different from 1 if the X509 extension does not support printing to a buffer. Instead of failing with an unrecoverable assertion. This vulnerability can be exploited by a user that can remotely connect to a TLS server and supply an invalid certificate, causing the server to crash. As such, this vulnerability could result in a denial-of-service vulnerability.
node to version 12.15.0, 13.8.0, 10.19.0 or higher.