Published: 29/01/2021 Updated: 04/03/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 607

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

DoTls13CertificateVerify in tls13.c in wolfSSL prior to 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wolfssl wolfssl

The wolfSSL library for Arduino.

Arduino wolfSSL Library The library is modified from wolfSSL Release 554 for Arduino platform wolfSSL Embedded SSL/TLS Library The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set It is commonl

wolfSSL Embedded SSL/TLS Library The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set It is commonly used in standard operating environments as well because of its royalty-free pricing and excelle

pq-wolfSSL This is the accompanying code for the paper "Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 13" to appear at 17th ACM Asia Conference on Computer and Communications Security (ACM ASIA CCS ’22); also available in Cryptology ePrint Archive: Report 2021/1447 Overview Status Integrated PQC Schemes Limitations and No

Integration of selected post-quantum schemes into the embedded TLS library wolfSSL as part of our paper "Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3"

pq-wolfSSL This is the accompanying code for the paper "Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 13" to appear at 17th ACM Asia Conference on Computer and Communications Security (ACM ASIA CCS ’22); also available in Cryptology ePrint Archive: Report 2021/1447 Overview Status Integrated PQC Schemes Limitations and No

Arduino wolfSSL Library The library is modified from wolfSSL Release 554 for Arduino platform wolfSSL Embedded SSL/TLS Library The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set It is commonl

CWE-295 https://github.com/wolfSSL/wolfssl/pull/3676 https://www.wolfssl.com/docs/security-vulnerabilities https://nvd.nist.gov https://github.com/onelife/Arduino_wolfssl

CVE-2021-3336

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect