9.8

CVE-2017-2801

Exploit
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Botan ProjectBotan Version2.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.32% 0.67
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
talos-cna@cisco.com 6.5 2.2 3.7
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294
Third Party Advisory
Exploit
VDB Entry
Mitigation
http://www.debian.org/security/2017/dsa-3939
http://www.securityfocus.com/bid/98106
Third Party Advisory
US Government Resource