Upstream information
CVE-2022-43705 at MITRE
Description
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
CVSS v3 Scores
| National Vulnerability Database |
Base Score | 9.1 |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | High |
Integrity Impact | High |
Availability Impact | None |
CVSSv3 Version | 3.1 |
SUSE Bugzilla entry:
1205509 [IN_PROGRESS]
SUSE Security Advisories:
List of released packages
Product(s) | Fixed package version(s) | References |
SUSE Package Hub 15 SP3 | Botan >= 2.10.0-bp153.3.3.1
Botan-doc >= 2.10.0-bp153.3.3.1
libbotan-2-10 >= 2.10.0-bp153.3.3.1
libbotan-2-10-32bit >= 2.10.0-bp153.3.3.1
libbotan-2-10-64bit >= 2.10.0-bp153.3.3.1
libbotan-devel >= 2.10.0-bp153.3.3.1
libbotan-devel-32bit >= 2.10.0-bp153.3.3.1
libbotan-devel-64bit >= 2.10.0-bp153.3.3.1
python3-botan >= 2.10.0-bp153.3.3.1
| Patchnames: openSUSE-2022-10210 |
SUSE Package Hub 15 SP4 | Botan >= 2.18.2-bp154.2.3.1
Botan-doc >= 2.18.2-bp154.2.3.1
libbotan-2-18 >= 2.18.2-bp154.2.3.1
libbotan-2-18-32bit >= 2.18.2-bp154.2.3.1
libbotan-2-18-64bit >= 2.18.2-bp154.2.3.1
libbotan-devel >= 2.18.2-bp154.2.3.1
libbotan-devel-32bit >= 2.18.2-bp154.2.3.1
libbotan-devel-64bit >= 2.18.2-bp154.2.3.1
python3-botan >= 2.18.2-bp154.2.3.1
| Patchnames: openSUSE-2022-10211 |
openSUSE Leap 15.3 | Botan >= 2.10.0-bp153.3.3.1
Botan-doc >= 2.10.0-bp153.3.3.1
libbotan-2-10 >= 2.10.0-bp153.3.3.1
libbotan-2-10-32bit >= 2.10.0-bp153.3.3.1
libbotan-2-10-64bit >= 2.10.0-bp153.3.3.1
libbotan-devel >= 2.10.0-bp153.3.3.1
libbotan-devel-32bit >= 2.10.0-bp153.3.3.1
libbotan-devel-64bit >= 2.10.0-bp153.3.3.1
python3-botan >= 2.10.0-bp153.3.3.1
| Patchnames: openSUSE-2022-10210 |
openSUSE Leap 15.4 | Botan >= 2.18.2-bp154.2.3.1
Botan-doc >= 2.18.2-bp154.2.3.1
libbotan-2-18 >= 2.18.2-bp154.2.3.1
libbotan-2-18-32bit >= 2.18.2-bp154.2.3.1
libbotan-2-18-64bit >= 2.18.2-bp154.2.3.1
libbotan-devel >= 2.18.2-bp154.2.3.1
libbotan-devel-32bit >= 2.18.2-bp154.2.3.1
libbotan-devel-64bit >= 2.18.2-bp154.2.3.1
python3-botan >= 2.18.2-bp154.2.3.1
| Patchnames: openSUSE-2022-10211 |
openSUSE Tumbleweed | Botan >= 2.19.3-1.1
Botan-doc >= 2.19.3-1.1
libbotan-2-19 >= 2.19.3-1.1
libbotan-2-19-32bit >= 2.19.3-1.1
libbotan-devel >= 2.19.3-1.1
libbotan-devel-32bit >= 2.19.3-1.1
python3-botan >= 2.19.3-1.1
| Patchnames: openSUSE Tumbleweed GA Botan-2.19.3-1.1 |
SUSE Timeline for this CVE
CVE page created: Wed Nov 16 23:00:28 2022
CVE page last modified: Fri Dec 2 12:37:15 2022