Impact
A degenerate PKCS#7 bundle containing only certificates and no signer information is incorrectly reported as verified by wolfSSL_PKCS7_verify(). The underlying signed‑data verification succeeds without authenticating any content, effectively allowing an attacker to bypass signature validation. This flaw is classified as CWE-347 and can lead to the acceptance of tampered or malicious data as authentic.
Affected Systems
The issue affects wolfSSL library users building against the OpenSSL compatibility layer that invoke PKCS7_verify() on potentially degenerate PKCS#7 bundles. No specific version range is listed, meaning that any OpenSSL‑compatible build of wolfSSL using the affected API without an updated patch is vulnerable.
Risk and Exploitability
With a CVSS score of 8.2 the vulnerability is considered high severity. The EPSS score is not reported, and the vulnerability is not listed in the CISA KEV catalog. An attacker can construct a PKCS#7 bundle containing only certificates and deliver it to an application that trusts wolfSSL's verify output, causing the application to treat the data as authenticated. This can be exploited in remote or local contexts where the application processes untrusted PKCS#7 input. The fix enforces that a signature must exist and is verified even when the PKCS7_NOVERIFY flag is set, thereby removing the bypass.
OpenCVE Enrichment
Debian DLA