{"id":"CVE-2017-8301","details":"LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.","modified":"2026-04-10T04:01:10.782483Z","published":"2017-04-27T17:59:00.187Z","references":[{"type":"ADVISORY","url":"http://seclists.org/oss-sec/2017/q2/145"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98076"},{"type":"FIX","url":"https://github.com/libressl-portable/portable/issues/307"},{"type":"FIX","url":"https://trac.nginx.org/nginx/ticket/1257"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libressl-portable/portable","events":[{"introduced":"0"},{"last_affected":"b67d365454e3d35f775dda738697615094e81c4e"},{"introduced":"0"},{"last_affected":"22bda9840b2d4ba24eaa2d65fa680356e91f2c0c"},{"introduced":"0"},{"last_affected":"b2a6ff75b73195ffc1b71c76deaf878997ffd870"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.1"},{"introduced":"0"},{"last_affected":"2.5.2"},{"introduced":"0"},{"last_affected":"2.5.3"}]}}],"versions":["v2.1.2","v2.1.3","v2.1.4","v2.2.0","v2.2.1","v2.2.2","v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.4.1","v2.5.0","v2.5.1","v2.5.2","v2.5.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8301.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}