First published: Thu Aug 12 2021
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WolfSSL wolfssl | <4.8.1 | |
CVE-2021-38597 is a vulnerability in wolfSSL versions before 4.8.1 that incorrectly skips OCSP verification in certain situations of irrelevant response data.
The severity of CVE-2021-38597 is medium with a CVSS score of 5.9.
CVE-2021-38597 affects wolfSSL versions up to and excluding 4.8.1.
To fix CVE-2021-38597, upgrade wolfSSL to version 4.8.1 or higher.
More information about CVE-2021-38597 can be found on the official wolfSSL website and the GitHub repository.