CVE-2021-46880

Source
https://cve.org/CVERecord?id=CVE-2021-46880
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46880.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-46880
Published
2023-04-15T00:15:07.410Z
Modified
2026-04-11T23:37:19.974521Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.

References

Affected packages

Git / github.com/libressl-portable/portable

Affected ranges

Type
GIT
Repo
https://github.com/libressl-portable/portable
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/openbsd/src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v2.*
v2.1.2
v2.1.3
v2.1.4
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.9.0
v3.*
v3.0.0
v3.0.1
v3.1.0
v3.2.0
v3.2.1
v3.3.0
v3.3.1
v3.3.2
v3.4.0
v3.4.1

Database specific

vanir_signatures_modified
"2026-04-11T23:37:19Z"
vanir_signatures
[
    {
        "digest": {
            "line_hashes": [
                "81719393747868085048422088394428365045",
                "255671199015002949477834386613831917768",
                "6603743604149143162278827824178177000",
                "141370914349194594839297079938223486011",
                "47516007346621648147489549183388424396",
                "189890563451635844404007760653935408119"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "lib/libcrypto/x509/x509_vfy.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-46880-0ce6c46c",
        "source": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
    },
    {
        "digest": {
            "length": 2432.0,
            "function_hash": "155339072286897867519184053191466879435"
        },
        "signature_type": "Function",
        "target": {
            "file": "lib/libcrypto/x509/x509_verify.c",
            "function": "x509_verify"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-46880-beeb4430",
        "source": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
    },
    {
        "digest": {
            "line_hashes": [
                "81719393747868085048422088394428365045",
                "125964653096199864332704543001441241034",
                "241857843239996333423670816397097072959",
                "120446057500905012400752922888331926177",
                "269562179141036174168371530763583285471",
                "216206751550832488832269445803380902217",
                "252129155145282474703527459706651937014",
                "230668980383623136197716300713064515398",
                "195006530993312202553647819259406980888",
                "142594261284559989137962606881539230892",
                "60833746345715167303769036415551417626",
                "301311421826520788205376588503908550972",
                "12676276698626902124193854146584370483",
                "171955152460124588229464868753170463495",
                "175544919018261205811418891134489222262",
                "78659149413960192940471314950747110761",
                "248592099984617715844605523657619700845",
                "141893834345366210641508811922384032255",
                "172381105655926539188719312890287531983",
                "233062594749427295276511902671047478724",
                "89605891264424084621920498906697838211",
                "236450089162892856035969518206476738363",
                "11239215942421597245240217108577808062",
                "195688425975976247483298149961464626546",
                "283627151977988731773868970887671342408",
                "211421544842842406825002759897087105716",
                "188184749289799305042252786632808788403",
                "243755226202521114884883129314620457132",
                "338318982232090668253837361243249053094",
                "37057165847850751670031414631411005990",
                "133393272194616178716607104480015178904",
                "233920666229591664337364635585263713154",
                "107049328355940981575919633272388332607",
                "65084390512537928998301953231824746266",
                "198272914212705076446113881625207524830",
                "302030867009984663114346752685339529285"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "lib/libcrypto/x509/x509_verify.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-46880-efee54e4",
        "source": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
    },
    {
        "digest": {
            "line_hashes": [
                "64663461524391031507317816997038494417",
                "269810985374735198249340735897275319018",
                "134609233206840844049766600573851493687",
                "116247169760179473022877900947226611732",
                "281028018091701326678410175525252252707"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "lib/libcrypto/x509/x509_internal.h"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-46880-f72f6a45",
        "source": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46880.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "7.0"
            }
        ]
    }
]