CVE-2022-25638

MEDIUM

Wolfssl < 5.2.0 - Improper Certificate Validation

Title source: rule

Description

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.

References (2)

[Patch, Third Party Advisory] https://github.com/wolfSSL/wolfssl/pull/4813

[Vendor Advisory] https://www.wolfssl.com/docs/security-vulnerabilities/

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 34.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-295

Status published

Products (1)

wolfssl/wolfssl < 5.2.0

Published Feb 24, 2022

Tracked Since Feb 18, 2026