CVE-2022-43705

In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).

Published: Nov 27, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-43705
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
botan_project / botan	1.11.34	2.19.3

https://github.com/randombit/botan/releases/tag/2.19.3
https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w

Vulnerability Database

289,871

CVE-2022-43705