CVE-2017-2801 MEDIUM

Vendor Randombit
Product Botan
Published May 24, 2017
Last update August 5, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

A programming error exists in the way the Randombit Botan cryptographic library version 2.0.1 implements X.500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X.509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.

Key dates

02 Disclosure timeline

May 24, 2017 CVE published
August 5, 2024 Record updated