CVE-2017-2801

MEDIUM

Botan - Out-of-Bounds Read

Title source: rule

Description

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.

References (3)

[Exploit, Mitigation, Third Party Advisory, VDB Entry] http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294

[Third Party Advisory, US Government Resource] http://www.securityfocus.com/bid/98106

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3939

Scores

CVSS v3 6.5

EPSS 0.0029

EPSS Percentile 52.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Details

CWE

CWE-125

Status published

Products (2)

botan_project/botan

Randombit/Botan < 2.0.1

Published May 24, 2017

Tracked Since Feb 18, 2026