CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
69.1%
botan 1.11.x before 1.11.22 improperly handles wildcard matching against
hostnames, which might allow remote attackers to have unspecified impact
via a valid X.509 certificate, as demonstrated by accepting .example.com
as a match for bar.foo.example.com.
Otherwise valid certificates using wildcards would be accepted as
matching certain hostnames that should they should not according to
RFC 6125. For example a certificate issued for โ.example.comโ
should match โfoo.example.comโ but not โexample.comโ or
โbar.foo.example.comโ. Previously Botan would accept such a
certificate as valid for โbar.foo.example.comโ.
RFC 6125 also requires that when matching a X.509 certificate against
a DNS name, the CN entry is only compared if no subjectAlternativeName
entry is available. Previously X509_Certificate::matches_dns_name would
always check both names.
Author | Note |
---|---|
seth-arnold | โIntroduced in 1.11.0, fixed in 1.11.22โ |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
69.1%