Vulnerability Information
Vulnerability Title
Botan has a TLS 1.3 certificate authentication bypass
Vulnerability Description
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed before the Finished message was received. A server that attempts to enforce client authentication via certificates can be bypassed by a client that entirely omits the Certificate, CertificateVerify, and Finished messages and instead sends application data records. This vulnerability is fixed in 3.11.1.
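An added example, not Botan's code: a toy server-side ordering gate for the invariant the description implies, that no ApplicationData reaches the application until the client's Finished has been accepted. All names (`Msg`, `ServerGate`, `delivered`) are hypothetical, and checking each message's contents, empty client certificates and post-handshake messages are left out of the model.

```cpp
#include <stdexcept>
#include <vector>

// Toy model with hypothetical names; this is not Botan's implementation.
enum class Msg { Certificate, CertificateVerify, Finished, ApplicationData };
enum class State { ExpectCertificate, ExpectCertificateVerify, ExpectFinished, Established };

struct UnexpectedMessage : std::runtime_error {
    UnexpectedMessage() : std::runtime_error("unexpected_message") {}
};

class ServerGate {
public:
    explicit ServerGate(bool require_client_cert)
        : state_(require_client_cert ? State::ExpectCertificate : State::ExpectFinished) {}
    // Returns true only when m is ApplicationData that may reach the application.
    // Any message that is out of order for the current state aborts the connection.
    bool on_message(Msg m) {
        switch (state_) {
        case State::ExpectCertificate:
            return advance(m, Msg::Certificate, State::ExpectCertificateVerify);
        case State::ExpectCertificateVerify:
            return advance(m, Msg::CertificateVerify, State::ExpectFinished);
        case State::ExpectFinished:
            return advance(m, Msg::Finished, State::Established);
        case State::Established:
            if (m != Msg::ApplicationData) throw UnexpectedMessage();
            return true;
        }
        throw UnexpectedMessage();
    }
private:
    bool advance(Msg got, Msg want, State next) {
        if (got != want) throw UnexpectedMessage();  // includes early ApplicationData
        state_ = next;
        return false;  // handshake messages are never delivered as data
    }
    State state_;
};

// Number of ApplicationData messages delivered for a client flight,
// or -1 if the gate aborts the connection.
int delivered(bool require_client_cert, const std::vector<Msg>& flight) {
    ServerGate gate(require_client_cert);
    int n = 0;
    try {
        for (Msg m : flight) if (gate.on_message(m)) ++n;
    } catch (const UnexpectedMessage&) { return -1; }
    return n;
}
int main() { return delivered(true, {Msg::ApplicationData}) == -1 ? 0 : 1; }
```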
CVSS Information
N/A
Vulnerability Type
Improper Enforcement of Behavioral Workflow
Vulnerability Title
Botan security vulnerability
Vulnerability Description
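Botan is a C++ cryptography library by individual developer Jack Lloyd. Versions of Botan prior to 3.11.1 contain a security vulnerability. It stems from the TLS 1.3 implementation processing application data records before the Finished message is received, which may allow client certificate authentication to be bypassed.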
CVSS Information
N/A
Vulnerability Type
N/A