CVE-2021-3601

Description

No description is available for this CVE.

Statement

It was found that OpenSSL will accept a certificate whose Basic Constraints extension is explicitly set to CA:FALSE as a valid CA if that certificate is present in the trusted bundle. The exploitability of this bug is limited: the attacker needs access to the private key corresponding to a certificate that is in the trust bundle. With that key, the attacker can use the certificate to MITM any connection from the victim machine, not just connections to the specific server that uses the self-signed certificate.

Mitigation

Red Hat recommends not including self-signed server certificates in the system trust bundle, even with CA:FALSE, because every certificate in the bundle is treated as a full-fledged Certificate Authority.
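The practical check that follows from this mitigation is to audit the system trust bundle for entries that are not real CAs. The script below is an added example and is not Red Hat's or OpenSSL's code: it walks each DER certificate in a PEM bundle down to the basicConstraints extension (OID 2.5.29.19) and reports CA:TRUE, CA:FALSE, or an absent extension, treating both the DER form of CA:FALSE (cA omitted, since it is DEFAULT FALSE) and the explicit BOOLEAN FALSE form the statement above describes as CA:FALSE. Because the whole bundle is trusted as CAs regardless of that flag, anything the audit lists as not CA:TRUE is a candidate for removal. The sample bundle is constructed inline from structurally minimal, unsigned certificates (`constructed_cert` is a helper written for this example, not a real certificate generator); on a real system you would pass the contents of the distribution's CA bundle file instead.

```python
import base64
import re

# Added example: audit a PEM trust bundle for anchors whose basicConstraints
# is not CA:TRUE. Pure Python DER walking, no third-party dependencies.

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
BASIC_CONSTRAINTS_OID = b"\x55\x1d\x13"  # DER contents of OID 2.5.29.19


def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, contents, next_pos).
    Single-byte tags only, which covers every level of X.509 walked here."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def children(buf):
    """Yield (tag, contents) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, body, pos = read_tlv(buf, pos)
        yield tag, body


def basic_constraints(der):
    """Return 'CA:TRUE', 'CA:FALSE', or None (extension absent) for one DER cert.
    Walks Certificate -> tbsCertificate -> [3] extensions -> Extension(2.5.29.19)."""
    _, cert_body, _ = read_tlv(der, 0)
    _, tbs, _ = read_tlv(cert_body, 0)  # tbsCertificate is the first element
    for tag, body in children(tbs):
        if tag != 0xA3:  # [3] EXPLICIT Extensions
            continue
        _, ext_list, _ = read_tlv(body, 0)  # SEQUENCE OF Extension
        for _, ext in children(ext_list):
            fields = list(children(ext))  # extnID, [critical], extnValue
            if fields[0][1] != BASIC_CONSTRAINTS_OID:
                continue
            _, bc_seq, _ = read_tlv(fields[-1][1], 0)  # OCTET STRING wraps a SEQUENCE
            # cA BOOLEAN DEFAULT FALSE: DER omits it when FALSE, but an explicit
            # BOOLEAN FALSE (BER) also occurs in practice; both mean CA:FALSE.
            for t, v in children(bc_seq):
                if t == 0x01:
                    return "CA:TRUE" if v != b"\x00" else "CA:FALSE"
            return "CA:FALSE"
    return None


def audit_trust_bundle(pem_text):
    """Return [(index, basic_constraints)] for every certificate in a PEM bundle."""
    return [(i, basic_constraints(base64.b64decode(m.group(1))))
            for i, m in enumerate(PEM_RE.finditer(pem_text))]


def non_ca_anchors(pem_text):
    """Indices of bundle entries that are not CA:TRUE. OpenSSL treats them as
    CAs anyway, so they should not be in the bundle."""
    return [i for i, bc in audit_trust_bundle(pem_text) if bc != "CA:TRUE"]


def tlv(tag, body):
    """Minimal DER encoder used only to build the constructed sample below."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def constructed_cert(ca, explicit_false=False):
    """Constructed test data, not a real certificate: a structurally minimal,
    unsigned DER certificate. ca=True -> CA:TRUE; ca=False -> CA:FALSE (cA
    omitted, or explicit BOOLEAN FALSE if explicit_false); ca=None -> no
    basicConstraints extension at all."""
    exts = b""
    if ca is not None:
        if ca:
            ca_field = tlv(0x01, b"\xff")
        elif explicit_false:
            ca_field = tlv(0x01, b"\x00")  # BER-style explicit FALSE
        else:
            ca_field = b""  # proper DER: DEFAULT FALSE is omitted
        ext = tlv(0x30, tlv(0x06, BASIC_CONSTRAINTS_OID) + tlv(0x04, tlv(0x30, ca_field)))
        exts = tlv(0xA3, tlv(0x30, ext))
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption
    name = tlv(0x30, b"")  # empty Name, placeholder only
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"340101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + name
              + validity + name + tlv(0x30, b"") + exts)
    der = tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))  # empty BIT STRING stands in for a signature
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


# Constructed bundle: a CA anchor, a self-signed server cert with explicit
# CA:FALSE (the case in the statement), a DER-encoded CA:FALSE, and a cert
# with no basicConstraints extension.
SAMPLE_BUNDLE = (constructed_cert(True) + constructed_cert(False, explicit_false=True)
                 + constructed_cert(False) + constructed_cert(None))

if __name__ == "__main__":
    for idx, bc in audit_trust_bundle(SAMPLE_BUNDLE):
        print(f"cert #{idx}: basicConstraints={bc}")
    print("entries OpenSSL would still treat as CAs:", non_ca_anchors(SAMPLE_BUNDLE))
```

Run it against a real bundle with `audit_trust_bundle(open("/path/to/ca-bundle.pem").read())`; the path is an assumption and depends on the distribution. An absent extension is reported separately from CA:FALSE because both are equally problematic as trust anchors, but they usually have different origins (an old CA root versus a server certificate dropped in by hand).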

Additional Information

  • Bugzilla 1970201: CVE-2021-3601 openssl: Certificate with CA:FALSE is accepted as valid CA cert
  • CWE-295: Improper Certificate Validation
  • FAQ: Frequently asked questions about CVE-2021-3601