CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message.

References

Affected packages

Git / github.com/wolfssl/wolfssl

Affected ranges

Type: GIT
Repo: https://github.com/wolfssl/wolfssl
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e6c07a296d2996e8d5c3cc615dfc50013bbcc794

Affected versions

Other

WCv4-rng-stable

WCv4-stable

list

wolfRand-RC2

WCv4.*

WCv4.0-RC5

WCv4.0-RC6

WCv4.0-RC8

WCv4.0-RC9

WCv5.*

WCv5.0-RC10

WCv5.0-RC11

WCv5.0-RC12

WCv5.0-RC9

v0.*

v0.5

v1.*

v1.8.8.0

v1.9.0

v2.*

v2.0.2

v2.0.3

v2.0.6

v2.0.8

v2.0rc1

v2.0rc2

v2.0rc2b

v2.0rc3

v2.1.1

v2.1.2

v2.1.4

v2.2.0

v2.2.1

v2.2.2

v2.3.0

v2.4.0

v2.4.2

v2.4.6

v2.4.7

v2.5.0

v2.5.2

v2.5.2b

v2.6.0

v2.6.2

v2.7.0

v2.7.2

v2.8.0

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.5a

v2.8.6

v2.9.0

v2.9.1

v2.9.2

v2.9.4

v3.*

v3.0.0

v3.0.2

v3.1.0

v3.10.0-stable

v3.10.0a

v3.10.2-stable

v3.10.3

v3.10.4

v3.11.0-stable

v3.11.1-tls13-beta

v3.12.0-stable

v3.12.2-stable

v3.13.0-stable

v3.13.2

v3.13.3

v3.14.0-stable

v3.14.0a

v3.14.0b

v3.14.2

v3.14.4

v3.14.5

v3.15.0-stable

v3.15.3-stable

v3.15.5-stable

v3.15.5a

v3.15.6

v3.15.7-stable

v3.15.8

v3.2.0

v3.2.4

v3.2.6

v3.3.0

v3.3.3

v3.4.0

v3.4.2

v3.4.6

v3.4.8

v3.6.0

v3.6.0b

v3.6.2

v3.6.6

v3.6.8

v3.6.9

v3.6.9b

v3.6.9c

v3.6.9d

v3.69.d

v3.7.0

v3.7.1

v3.7.3

v3.8.0

v3.9.0

v3.9.1

v3.9.10-stable

v3.9.10b

v3.9.6

v3.9.6w

v3.9.8

v4.*

v4.0.0-stable

v4.1.0-stable

v4.2.0-stable

v4.2.0c

v4.3.0-stable

v4.4.0-stable

v4.5.0-stable

v4.6.0-stable

v4.7.0-stable

v4.7.1r

v4.8.0-stable

v5.*

v5.0.0-stable

v5.1.0-stable

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25638.json"