|Description||A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||high (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|jessie (security), jessie||1.10.8-2+deb8u1||vulnerable|
|buster, sid, stretch||1.10.16-1||fixed|
The information below is based on the following data on fixed versions.
Bug introduced in 1.6.0 or earlier, fixed in 2.1.0 and 1.10.16