CVE-2018-9127

NONE EPSS 57.2%
Published Apr 2, 2018 (8y ago) · Modified Jun 17, 2026 (2w ago)

Description

Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.

Threat Intelligence

EPSS Exploit Probability
57.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-295

Affected Products 1

Vendor | Product | Version | Range
botan_project | botan | * | ≥2.2.0 – ≤2.4.0

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.