Improper input validation in Botan - CVE-2017-2801
Published: May 3, 2017 / Updated: May 4, 2017
Vulnerability identifier: #VU6398
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2801
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Randombit
Affected software:
Botan
Botan
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose potentially sensitive information or cause (DoS) condition.
The vulnerability exists due to improper validation of X.509 certificate fields when processing a specially formed DN. A remote attacker can submit a crafted X.509 certificate to affected client or server software, bypass security restrictions and cause out of bound memory read.
Successful exploitation of the vulnerability may result in information disclosure or denial of service on the targeted system.
The vulnerability exists due to improper validation of X.509 certificate fields when processing a specially formed DN. A remote attacker can submit a crafted X.509 certificate to affected client or server software, bypass security restrictions and cause out of bound memory read.
Successful exploitation of the vulnerability may result in information disclosure or denial of service on the targeted system.
How to mitigate CVE-2017-2801
Update to version 2.1.0 or 1.10.16.