CVE-2022-25638

Published: 24 Feb 2022
Source: debian
EPSS: Low

Description

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.

Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| wolfssl | fixed | 5.2.0-1 | | package |
| wolfssl | fixed | 4.6.0+p1-0+deb11u1 | bullseye | package |

Notes

  • https://github.com/wolfSSL/wolfssl/pull/4813

  • https://github.com/wolfSSL/wolfssl/commit/e13861bcde8015bb99ddb034224afb66e2fb89b8 (v5.2.0-stable)

  • https://github.com/wolfSSL/wolfssl/commit/08047b2d959ee5e21a4a2c672308f45fec61f059 (v5.2.0-stable)

EPSS

Percentile: 17%
0.00053
Low

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 3 years ago

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.

CVSS3: 6.5
nvd
more than 3 years ago

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.

github
more than 3 years ago

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
