Improper Certificate Validation in Botan - CVE-2022-43705

Published: November 16, 2022 / Updated: April 8, 2026


Vulnerability identifier: #VU125380
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-43705
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Botan
Software vendor: Randombit

Description

The vulnerability allows a remote user to spoof certificate revocation status and bypass revocation checks.

The vulnerability exists due to improper certificate validation in OCSP response verification when processing embedded OCSP responder certificates. A remote privileged user can supply a crafted OCSP response to spoof certificate revocation status and bypass revocation checks.

Only deployments that rely on OCSP for certificate revocation checks are affected. The issue can be exploited in scenarios such as OCSP stapling, where the OCSP response is delivered by the peer rather than fetched from the responder directly.


Remediation

Install the security update from the vendor's website.

External links