CVE-2018-9127
NONE EPSS 57.2%
Published Apr 2, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.
Threat Intelligence
EPSS Exploit Probability
57.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-295
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| botan_project | botan | * | ≥2.2.0 – ≤2.4.0 |
References 1
- botan.randombit.net https://botan.randombit.net/security.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.