Описание
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 2.19.3+dfsg-1ubuntu1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/noble | not-affected | 2.19.3+dfsg-1ubuntu1 |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| kinetic | ignored | end of life, was needed |
| lunar | ignored | end of life, was needs-triage |
Показывать по
10
Ссылки на источники
9.1 Critical
CVSS3
Связанные уязвимости
CVSS3: 9.1
nvd
около 3 лет назад
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
CVSS3: 9.1
debian
около 3 лет назад
In Botan before 2.19.3, it is possible to forge OCSP responses due to ...
CVSS3: 9.1
fstec
около 3 лет назад
Уязвимость криптографической библиотеки C++ Botan, связанная с неправильной проверкой сертификата, позволяющая нарушителю подделать ответы OCSP
9.1 Critical
CVSS3