Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2017-8301

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.

  • Published: Apr 27, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-8301
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

  • Severity: Low
  • Score: 2.6
  • AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
openbsd / libressl 2.5.3 2.5.3.x
openbsd / libressl 2.5.2 2.5.2.x
openbsd / libressl 2.5.1 2.5.1.x