Medium severity5.3NVD Advisory· Published Apr 27, 2017· Updated Jun 17, 2026
CVE-2017-8301
CVE-2017-8301
Description
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
4- github.com/libressl-portable/portable/issues/307nvdIssue TrackingPatchThird Party Advisory
- trac.nginx.org/nginx/ticket/1257nvdIssue TrackingPatchThird Party Advisory
- seclists.org/oss-sec/2017/q2/145nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/98076nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.