In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
References
Link | Resource |
---|---|
https://github.com/wolfSSL/wolfssl/pull/4813 | Patch Third Party Advisory |
https://www.wolfssl.com/docs/security-vulnerabilities/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-24T01:06:54
Updated: 2022-02-24T01:06:54
Reserved: 2022-02-22T00:00:00
Link: CVE-2022-25638
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-24T15:15:32.040
Modified: 2022-03-04T16:48:10.683
Link: CVE-2022-25638
JSON object: View
Redhat Information
No data.
CWE