Vulnerability Details : CVE-2021-3336
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
Products affected by CVE-2021-3336
- cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3336
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3336
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2021-3336
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-3336
-
https://www.wolfssl.com/docs/security-vulnerabilities
wolfSSL Security Vulnerabilities | wolfSSL Embedded SSL/TLS LibraryVendor Advisory
-
https://github.com/wolfSSL/wolfssl/pull/3676
TLS 1.3: ensure key for signature in CertificateVerify by SparkiDev · Pull Request #3676 · wolfSSL/wolfssl · GitHubPatch;Third Party Advisory
Jump to