OCSP Request Validation Flaw in wolfSSL by wolfSSL
CVE-2021-37155

9.8CRITICAL

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 21 July 2021

What is CVE-2021-37155?

The wolfSSL library versions 4.6.x to 4.7.x prior to 4.8.0 are susceptible to a vulnerability where the library does not appropriately handle discrepancies between the serial number in an OCSP request and that in the OCSP response. This oversight may lead to the library failing to produce a correct failure outcome, which can undermine the integrity of the OCSP validation process and potentially allow for unauthorized access.

References

https://github.com/wolfSSL/wolfssl/pull/3990

x_refsource_MISC

https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-st...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Jul 21, 2021

Wolfssl

What is CVE-2021-37155?

References

CVSS V3.1

Timeline