CVE-2017-8301
Published: Apr 27, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://seclists.org/oss-sec/2017/q2/145
x_refsource_MISC
https://github.com/libressl-portable/portable/issues/307
x_refsource_CONFIRM
https://trac.nginx.org/nginx/ticket/1257
x_refsource_CONFIRM
98076
vdb-entry
x_refsource_BID