CVE-2021-3336

NameCVE-2021-3336
DescriptionDoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wolfssl (PTS)bullseye4.6.0+p1-0+deb11u1fixed
bookworm, sid5.2.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wolfsslsource(unstable)4.6.0-3

Notes

[bullseye] - wolfssl <no-dsa> (Minor issue; can be fixed via point release)
https://github.com/wolfSSL/wolfssl/pull/3676

Search for package or bug name: Reporting problems