Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBotan Project Botan
APPBotan Project2.2.0 – 2.4.0
Related vulnerabilities
Botan: błędna weryfikacja certyfikatu umożliwia obejście łańcucha zaufania
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This i...
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (...
The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow att...
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote a...