Your submission was sent successfully! Close

CVE-2015-7826

Published: 10 April 2017

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. Otherwise valid certificates using wildcards would be accepted as matching certain hostnames that should they should not according to RFC 6125. For example a certificate issued for ‘*.example.com’ should match ‘foo.example.com’ but not ‘example.com’ or ‘bar.foo.example.com’. Previously Botan would accept such a certificate as valid for ‘bar.foo.example.com’. RFC 6125 also requires that when matching a X.509 certificate against a DNS name, the CN entry is only compared if no subjectAlternativeName entry is available. Previously X509_Certificate::matches_dns_name would always check both names.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
botan1.10
Launchpad, Ubuntu, Debian
Upstream
Released (1.11.22)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)