First published: Wed Jul 21 2021(Updated: )
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WolfSSL wolfssl | >=4.6.0<4.8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-37155.
The affected software is wolfSSL version 4.6.x through 4.7.x before 4.8.0.
The severity of CVE-2021-37155 is critical with a CVSS score of 9.8.
CVE-2021-37155 allows an attacker to bypass security measures by not producing a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
To fix CVE-2021-37155, update to wolfSSL version 4.8.0 or later.