x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
{
"versions": [
{
"introduced": "0"
},
{
"fixed": "3.4.2"
}
]
}"2026-04-11T23:37:19Z"
[
{
"digest": {
"line_hashes": [
"81719393747868085048422088394428365045",
"255671199015002949477834386613831917768",
"6603743604149143162278827824178177000",
"141370914349194594839297079938223486011",
"47516007346621648147489549183388424396",
"189890563451635844404007760653935408119"
],
"threshold": 0.9
},
"signature_type": "Line",
"target": {
"file": "lib/libcrypto/x509/x509_vfy.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2021-46880-0ce6c46c",
"source": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
},
{
"digest": {
"length": 2432.0,
"function_hash": "155339072286897867519184053191466879435"
},
"signature_type": "Function",
"target": {
"file": "lib/libcrypto/x509/x509_verify.c",
"function": "x509_verify"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2021-46880-beeb4430",
"source": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
},
{
"digest": {
"line_hashes": [
"81719393747868085048422088394428365045",
"125964653096199864332704543001441241034",
"241857843239996333423670816397097072959",
"120446057500905012400752922888331926177",
"269562179141036174168371530763583285471",
"216206751550832488832269445803380902217",
"252129155145282474703527459706651937014",
"230668980383623136197716300713064515398",
"195006530993312202553647819259406980888",
"142594261284559989137962606881539230892",
"60833746345715167303769036415551417626",
"301311421826520788205376588503908550972",
"12676276698626902124193854146584370483",
"171955152460124588229464868753170463495",
"175544919018261205811418891134489222262",
"78659149413960192940471314950747110761",
"248592099984617715844605523657619700845",
"141893834345366210641508811922384032255",
"172381105655926539188719312890287531983",
"233062594749427295276511902671047478724",
"89605891264424084621920498906697838211",
"236450089162892856035969518206476738363",
"11239215942421597245240217108577808062",
"195688425975976247483298149961464626546",
"283627151977988731773868970887671342408",
"211421544842842406825002759897087105716",
"188184749289799305042252786632808788403",
"243755226202521114884883129314620457132",
"338318982232090668253837361243249053094",
"37057165847850751670031414631411005990",
"133393272194616178716607104480015178904",
"233920666229591664337364635585263713154",
"107049328355940981575919633272388332607",
"65084390512537928998301953231824746266",
"198272914212705076446113881625207524830",
"302030867009984663114346752685339529285"
],
"threshold": 0.9
},
"signature_type": "Line",
"target": {
"file": "lib/libcrypto/x509/x509_verify.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2021-46880-efee54e4",
"source": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
},
{
"digest": {
"line_hashes": [
"64663461524391031507317816997038494417",
"269810985374735198249340735897275319018",
"134609233206840844049766600573851493687",
"116247169760179473022877900947226611732",
"281028018091701326678410175525252252707"
],
"threshold": 0.9
},
"signature_type": "Line",
"target": {
"file": "lib/libcrypto/x509/x509_internal.h"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2021-46880-f72f6a45",
"source": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46880.json"
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0"
}
]
}
]