Candidate: CVE-2021-3336
PublicDate: 2021-01-29 05:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3336
 https://github.com/wolfSSL/wolfssl/pull/3676
Description:
 DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease
 processing for certain anomalous peer behavior (sending an ED22519, ED448,
 ECC, or RSA signature without the corresponding certificate). The client
 side is affected because man-in-the-middle attackers can impersonate TLS
 1.3 servers.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]


Patches_wolfssl:
 upstream: https://github.com/wolfSSL/wolfssl/pull/3676/files
upstream_wolfssl: needs-triage
precise/esm_wolfssl: DNE
trusty_wolfssl: ignored (out of standard support)
trusty/esm_wolfssl: DNE
xenial_wolfssl: ignored (end of standard support, was needed)
bionic_wolfssl: needed
focal_wolfssl: needed
groovy_wolfssl: ignored (reached end-of-life)
hirsute_wolfssl: ignored (reached end-of-life)
impish_wolfssl: needed
jammy_wolfssl: needed
devel_wolfssl: needed