CVE-2017-2801

NONE EPSS 67.2%
Published May 24, 2017 (9y ago) · Modified Jun 17, 2026 (2w ago)

Description

A programming error exists in the way the Randombit Botan cryptographic library, version 2.0.1, implements X.500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X.509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.

Threat Intelligence

EPSS Exploit Probability
67.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-125: Out-of-bounds Read (Memory Safety)

Affected Products 1

Vendor          Product   Version   Range
botan_project   botan     2.0.1     any

References 3

  • talosintelligence.com http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294
    Exploit, Mitigation, Third Party Advisory, VDB Entry
  • debian.org http://www.debian.org/security/2017/dsa-3939
  • securityfocus.com http://www.securityfocus.com/bid/98106
    Third Party Advisory, US Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.