Upstream information

CVE-2022-43705 at MITRE

Description

In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v3 Scores
Metric                   National Vulnerability Database
Base Score               9.1
Vector                   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector            Network
Attack Complexity        Low
Privileges Required      None
User Interaction         None
Scope                    Unchanged
Confidentiality Impact   High
Integrity Impact         High
Availability Impact      None
CVSSv3 Version           3.1

SUSE Bugzilla entry: 1205509 [IN_PROGRESS]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP3
  • Botan >= 2.10.0-bp153.3.3.1
  • Botan-doc >= 2.10.0-bp153.3.3.1
  • libbotan-2-10 >= 2.10.0-bp153.3.3.1
  • libbotan-2-10-32bit >= 2.10.0-bp153.3.3.1
  • libbotan-2-10-64bit >= 2.10.0-bp153.3.3.1
  • libbotan-devel >= 2.10.0-bp153.3.3.1
  • libbotan-devel-32bit >= 2.10.0-bp153.3.3.1
  • libbotan-devel-64bit >= 2.10.0-bp153.3.3.1
  • python3-botan >= 2.10.0-bp153.3.3.1
Patchnames:
openSUSE-2022-10210
SUSE Package Hub 15 SP4
  • Botan >= 2.18.2-bp154.2.3.1
  • Botan-doc >= 2.18.2-bp154.2.3.1
  • libbotan-2-18 >= 2.18.2-bp154.2.3.1
  • libbotan-2-18-32bit >= 2.18.2-bp154.2.3.1
  • libbotan-2-18-64bit >= 2.18.2-bp154.2.3.1
  • libbotan-devel >= 2.18.2-bp154.2.3.1
  • libbotan-devel-32bit >= 2.18.2-bp154.2.3.1
  • libbotan-devel-64bit >= 2.18.2-bp154.2.3.1
  • python3-botan >= 2.18.2-bp154.2.3.1
Patchnames:
openSUSE-2022-10211
openSUSE Leap 15.3
  • Botan >= 2.10.0-bp153.3.3.1
  • Botan-doc >= 2.10.0-bp153.3.3.1
  • libbotan-2-10 >= 2.10.0-bp153.3.3.1
  • libbotan-2-10-32bit >= 2.10.0-bp153.3.3.1
  • libbotan-2-10-64bit >= 2.10.0-bp153.3.3.1
  • libbotan-devel >= 2.10.0-bp153.3.3.1
  • libbotan-devel-32bit >= 2.10.0-bp153.3.3.1
  • libbotan-devel-64bit >= 2.10.0-bp153.3.3.1
  • python3-botan >= 2.10.0-bp153.3.3.1
Patchnames:
openSUSE-2022-10210
openSUSE Leap 15.4
  • Botan >= 2.18.2-bp154.2.3.1
  • Botan-doc >= 2.18.2-bp154.2.3.1
  • libbotan-2-18 >= 2.18.2-bp154.2.3.1
  • libbotan-2-18-32bit >= 2.18.2-bp154.2.3.1
  • libbotan-2-18-64bit >= 2.18.2-bp154.2.3.1
  • libbotan-devel >= 2.18.2-bp154.2.3.1
  • libbotan-devel-32bit >= 2.18.2-bp154.2.3.1
  • libbotan-devel-64bit >= 2.18.2-bp154.2.3.1
  • python3-botan >= 2.18.2-bp154.2.3.1
Patchnames:
openSUSE-2022-10211
openSUSE Tumbleweed
  • Botan >= 2.19.3-1.1
  • Botan-doc >= 2.19.3-1.1
  • libbotan-2-19 >= 2.19.3-1.1
  • libbotan-2-19-32bit >= 2.19.3-1.1
  • libbotan-devel >= 2.19.3-1.1
  • libbotan-devel-32bit >= 2.19.3-1.1
  • python3-botan >= 2.19.3-1.1
Patchnames:
openSUSE Tumbleweed GA Botan-2.19.3-1.1


SUSE Timeline for this CVE

CVE page created: Wed Nov 16 23:00:28 2022
CVE page last modified: Tue May 23 18:25:35 2023