suse · CVE-2017-2801

Quick triage

Priority: medium Published: 2021-05-30 13:50:24 UTC Updated: 2024-07-27 00:56:55 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-2801 severity moderate: SUSE including 14 source package names (Botan, Botan-2.18.1-1.3, …), 20 product×package rows across 7 product lines (SUSE Linux Enterprise Software Development Kit 11 SP4, SUSE Linux Enterprise Software Development Kit 12 SP1, … (7 product lines)): Fixed 17, Known Not Affected 3.

Description:

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.

cvelogic Threat Intelligence