Improper Certificate Validation in Botan - CVE-2022-43705

Published: November 16, 2022 / Updated: April 8, 2026

Vulnerability identifier: #VU125380
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-43705
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Randombit
Affected software: Botan

Detailed vulnerability description

The vulnerability allows a remote user to spoof certificate revocation status and bypass revocation checks.

The vulnerability exists due to improper certificate validation in OCSP response verification when processing embedded OCSP responder certificates. A remote privileged user can supply a crafted OCSP response carrying such an embedded responder certificate to spoof a certificate's revocation status and bypass revocation checks.

Only deployments that rely on OCSP for certificate revocation checks are affected. The issue can be exploited in scenarios such as OCSP stapling.
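As an added illustration, not code from Botan or from this advisory, the Go program below implements the responder-certificate rule from RFC 6960 for the certificate embedded in an OCSP response, using only the standard library: the responder is accepted only if it is the issuing CA itself, or a delegated responder that the CA signed and marked with id-kp-OCSPSigning. The CA, delegated responder and rogue self-signed responder are constructed fixtures, and the names `acceptOCSPResponder`, `issue` and `Scenario` are mine.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// acceptOCSPResponder applies the RFC 6960 rule for the certificate embedded in an OCSP response:
// accept the issuing CA itself, or a delegated responder that the CA signed and marked id-kp-OCSPSigning.
func acceptOCSPResponder(issuer, responder *x509.Certificate) error {
	if responder.Equal(issuer) {
		return nil // the CA signed the response directly
	}
	if err := responder.CheckSignatureFrom(issuer); err != nil { // the step this advisory is about
		return fmt.Errorf("responder not issued by the CA: %w", err)
	}
	for _, eku := range responder.ExtKeyUsage {
		if eku == x509.ExtKeyUsageOCSPSigning {
			return nil
		}
	}
	return fmt.Errorf("responder lacks id-kp-OCSPSigning")
}

func issue(cn string, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey, eku ...x509.ExtKeyUsage) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway fixture key; none of this is real PKI material
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage: eku, BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil { // no parent: build a self-signed CA
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func Scenario() (delegatedAccepted, rogueAccepted bool) {
	ca, caKey := issue("Test CA", 1, nil, nil)
	delegated, _ := issue("CA OCSP Responder", 2, ca, caKey, x509.ExtKeyUsageOCSPSigning)
	rogue, _ := issue("Rogue Responder", 3, nil, nil, x509.ExtKeyUsageOCSPSigning) // never issued by the CA
	return acceptOCSPResponder(ca, delegated) == nil, acceptOCSPResponder(ca, rogue) == nil
}

func main() { fmt.Println(Scenario()) } // prints: true false
```

A verifier that skips the `CheckSignatureFrom` step would accept the rogue responder as well, since it carries the OCSP-signing extended key usage; that is the failure class the advisory describes.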

How to mitigate CVE-2022-43705

Install the security update from the vendor's website.

Sources