DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-29T04:58:39
Updated: 2024-08-03T16:53:17.588Z
Reserved: 2021-01-28T00:00:00
Link: CVE-2021-3336
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-01-29T05:15:12.197
Modified: 2024-11-21T06:21:19.380
Link: CVE-2021-3336
Redhat
No data.