CVE-2017-2801

Summary

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
RandombitBotan2.0.1affected

Weaknesses

  • Certificate validation bypass

ADP Enrichment

CVE Program Container

Additional References

References