CVE-2015-7826

CRITICAL

botan < 1.11.22 - Improper Certificate Validation via Wildcard Hostname Matching

Title source: llm
STIX 2.1

Description

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1311620
Vendor Advisory x_refsource_confirm
https://botan.randombit.net/security.html#id3

Scores

CVSS v3 9.8
EPSS 0.0112
EPSS Percentile 61.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-295
Status published
Products (1)
botan_project/botan < 1.11.21
Published Apr 10, 2017
Tracked Since Feb 18, 2026