CVE-2021-3336
First published: Fri Jan 29 2021(Updated: )
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WolfSSL wolfssl | <4.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3336?
CVE-2021-3336 is a vulnerability in wolfSSL before version 4.7.0 that allows man-in-the-middle attackers to impersonate TLS 1.3 clients.
What is the severity of CVE-2021-3336?
The severity of CVE-2021-3336 is high with a CVSS score of 8.1.
How does CVE-2021-3336 affect wolfSSL?
CVE-2021-3336 affects wolfSSL versions before 4.7.0 and can lead to impersonation of TLS 1.3 clients by man-in-the-middle attackers.
How can I fix CVE-2021-3336?
To fix CVE-2021-3336, update your wolfSSL version to 4.7.0 or later.
Where can I find more information about CVE-2021-3336?
You can find more information about CVE-2021-3336 in the wolfSSL GitHub pull request (https://github.com/wolfSSL/wolfssl/pull/3676) and on the wolfSSL website (https://www.wolfssl.com/docs/security-vulnerabilities).
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wolfssl
- canonical/wolfssl wolfssl