CVE-2021-3336

HIGH

wolfSSL < 4.7.0 - Improper Certificate Validation

Description

DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an Ed25519, Ed448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.

Scores

CVSS v3: 8.1
EPSS: 0.0018
EPSS Percentile: 39.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-295
Status: published
Products (1): wolfssl/wolfssl < 4.7.0
Published: Jan 29, 2021
Tracked Since: Feb 18, 2026