CVE-2017-2801

Metadata

high
7.5
botan1.10
CVE-2017-2801
cve.mitre.org, github.com, bugs.debian.org
2017-05-24
2017-10-23 14:19
CVE-2017-2801 botan1.10
2017-07-20 21:31
2017-06-16 18:42
2017-05-26 05:03
2017-05-10 23:49
2017-04-14 10:21
2017-04-14 00:03

Description

A programming error exists in the way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched and the versions that are unaffected. If a patch is ready but unreleased, it is marked as pending.

Affected package information

| Release | Package | Patched in |
|---|---|---|
| artful | botan1.10 | None |
| devel | botan1.10 | None |
| trusty | botan1.10 | None |
| xenial | botan1.10 | None |
| zesty | botan1.10 | None |

Unaffected

| Release | Package | Reason |
|---|---|---|
| precise | botan1.10 | ignored |
| precise/esm | botan1.10 | DNE |
| vivid/stable-phone-overlay | botan1.10 | DNE |
| vivid/ubuntu-core | botan1.10 | DNE |
| yakkety | botan1.10 | ignored |

Needs Triage

| Release | Package | Reason |
|---|---|---|
| upstream | botan1.10 | needs-triage |