CVE-2017-2801
NONE EPSS 67.2%
Published May 24, 2017 (9y ago) · Last Modified Jun 17, 2026 (2w ago)
Description
A programming error exists in the way the Randombit Botan cryptographic library, version 2.0.1, implements x500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.
Threat Intelligence
EPSS Exploit Probability
67.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-125: Out-of-bounds Read (Memory Safety)
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| botan_project | botan | 2.0.1 | any |
References 3
- talosintelligence.com http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294
- debian.org http://www.debian.org/security/2017/dsa-3939
- securityfocus.com http://www.securityfocus.com/bid/98106
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.