CVE-2021-3336
Severity: HIGH
wolfssl < 4.7.0 - Improper Certificate Validation in TLS 1.3 Client
Title source: llmDescription
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an Ed25519, Ed448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
References (2)
Patch, Third Party Advisory (x_refsource_misc): https://github.com/wolfSSL/wolfssl/pull/3676
Vendor Advisory (x_refsource_confirm): https://www.wolfssl.com/docs/security-vulnerabilities
Scores
CVSS v3: 8.1
EPSS: 0.0079
EPSS Percentile: 51.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-295
Status: published
Products (1)
wolfssl/wolfssl: < 4.7.0
Published: Jan 29, 2021
Tracked Since: Feb 18, 2026