UBUNTU-CVE-2018-9127

Source
https://ubuntu.com/security/CVE-2018-9127
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-9127.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-9127
Related
Published
2018-04-02T17:29:00Z
Modified
2024-10-15T14:06:45Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.

References

Affected packages

Ubuntu:18.04:LTS / botan

Package

Name
botan
Purl
pkg:deb/ubuntu/botan?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.0-5ubuntu1

Affected versions

2.*

2.4.0-3
2.4.0-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.4.0-5ubuntu1",
            "binary_name": "botan"
        },
        {
            "binary_version": "2.4.0-5ubuntu1",
            "binary_name": "botan-dbgsym"
        },
        {
            "binary_version": "2.4.0-5ubuntu1",
            "binary_name": "libbotan-2-4"
        },
        {
            "binary_version": "2.4.0-5ubuntu1",
            "binary_name": "libbotan-2-4-dbgsym"
        },
        {
            "binary_version": "2.4.0-5ubuntu1",
            "binary_name": "libbotan-2-dev"
        },
        {
            "binary_version": "2.4.0-5ubuntu1",
            "binary_name": "libbotan-2-doc"
        },
        {
            "binary_version": "2.4.0-5ubuntu1",
            "binary_name": "python3-botan"
        }
    ]
}

Ubuntu:20.04:LTS / botan

Package

Name
botan
Purl
pkg:deb/ubuntu/botan?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.0-2
2.9.0-2build1
2.12.1-2
2.12.1-2build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / botan

Package

Name
botan
Purl
pkg:deb/ubuntu/botan?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.17.3+dfsg-3
2.19.1+dfsg-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}