CVE-2022-43705

Опубликовано: 27 нояб. 2022

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).

Ссылки

https://github.com/randombit/botan/releases/tag/2.19.3
Release Notes
Third Party Advisory
https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
Mitigation
Third Party Advisory
https://github.com/randombit/botan/releases/tag/2.19.3
Release Notes
Third Party Advisory
https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*

Версия от 1.11.34 (включая) до 2.19.3 (исключая)

EPSS

Процентиль: 33%

0.00129

Низкий

9.1 Critical

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-295

Связанные уязвимости

CVE-2022-43705

CVSS3: 9.1

ubuntu

около 3 лет назад

In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).

CVE-2022-43705

CVSS3: 9.1

debian

около 3 лет назад

In Botan before 2.19.3, it is possible to forge OCSP responses due to ...

openSUSE-SU-2022:10211-1

suse-cvrf

около 3 лет назад

Security update for Botan

openSUSE-SU-2022:10210-1

suse-cvrf

около 3 лет назад

Security update for Botan

ROS-20240527-01

CVSS3: 9.1

redos

больше 1 года назад

Уязвимость botan2

EPSS

Процентиль: 33%

0.00129

Низкий

9.1 Critical

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-295