CVE-2021-38597Insufficient Verification of Data Authenticity in Wolfssl

CWE-345Insufficient Verification of Data Authenticity4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 60.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WolfsslDebian Wolfssl
Timeline
PublishedAug 12
Latest updateMay 24

Description

wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

debiandebian/wolfssl< wolfssl 5.0.0-1 (bookworm)
NVDwolfssl/wolfssl< 4.8.1
Debianwolfssl/wolfssl< 4.6.0+p1-0+deb11u1+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-r434-53mc-rhw4: wolfSSL before 42022-05-24
OSV
CVE-2021-38597: wolfSSL before 42021-08-12

📋Vendor Advisories

1
Debian
CVE-2021-38597: wolfssl - wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations o...2021
CVE-2021-38597 — Wolfssl vulnerability | cvebase