Alpaquita Linux Stream Security Advisory

CVE-2017-8301

Published: August 31, 2023
Last modified: August 31, 2023

Description

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.

Severity score breakdown

Parameter             Value
Base score            5.3
Attack Vector         NETWORK
Attack complexity     HIGH
Privileges required   NONE
User interaction      REQUIRED
Scope                 UNCHANGED
Confidentiality       NONE
Integrity impact      HIGH
Availability impact   NONE
Vector                CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Status

Product          Release  Package   Status
Alpaquita Linux  23 LTS   libressl  Not affected (3.6.2-r0)
Alpaquita Linux  Stream   libressl  Not affected (3.7.3-r0)
