CVE-2017-2801 — MEDIUM (6.5)

Vulnerability Description

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Botan Project	Botan	2.0.1

Related Weaknesses (CWE)

CWE-125

References

http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294ExploitMitigationThird Party Advisory
http://www.debian.org/security/2017/dsa-3939
http://www.securityfocus.com/bid/98106Third Party AdvisoryUS Government Resource
http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294ExploitMitigationThird Party Advisory
http://www.debian.org/security/2017/dsa-3939
http://www.securityfocus.com/bid/98106Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-2801?

CVE-2017-2801 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially cr...

How severe is CVE-2017-2801?

CVE-2017-2801 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2801?

Check the references section above for vendor advisories and patch information. Affected products include: Botan Project Botan.