Lucene search

[email protected]CVE-2022-43705

HistoryNov 27, 2022 - 4:15 a.m.

CVE-2022-43705

2022-11-2704:15:10

CWE-295

[email protected]

web.nvd.nist.gov

cve-2022-43705

botan

ocsp

certificate verification error

nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).

Affected configurations

NVD

Node

botan_projectbotanRange1.11.34–2.19.3

CPENameOperatorVersion
botan_project:botanbotan project botanlt2.19.3

CPE	Name	Operator	Version
botan_project:botan	botan project botan	lt	2.19.3

References

github.com/randombit/botan/releases/tag/2.19.3

github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w

Social References

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for CVE-2022-43705

nessus2 openvas1 nvd1 veracode1 cnvd1 mageia1 debiancve1 cvelist1 redos1 ubuntucve1 osv1 alpinelinux1 prion1 gitlab1