CVE-2018-9127

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-9127

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9127.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-9127

Related

Published

2018-04-02T17:29:00Z

Modified

2024-12-05T15:15:03.843010Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.

References

Affected packages

Alpine:v3.11 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.12 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.13 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.14 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.15 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.16 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.17 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.18 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.19 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.20 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Alpine:v3.21 / botan

Package

Name: botan
Purl: pkg:apk/alpine/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-r0

Affected versions

2.*

2.4.0-r0

2.4.0-r1

2.4.0-r2

Debian:11 / botan

Package

Name: botan
Purl: pkg:deb/debian/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / botan

Package

Name: botan
Purl: pkg:deb/debian/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / botan

Package

Name: botan
Purl: pkg:deb/debian/botan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/randombit/botan

Affected ranges

Type: GIT
Repo: https://github.com/randombit/botan
Events: Introduced

33f87a596ffa1fcbc017d9593dce0906d7d32208

Last affected

1e93b85fb5a4d628b80a9812b38b842b5c8b4363

Affected versions

2.*

2.2.0

2.3.0

2.4.0