Description
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
References
https://github.com/wolfSSL/wolfssl/pull/3990
PatchThird Party Advisory
https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
Release NotesThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-07-21T15:16:20.733
3 years agoLast modified
2021-07-29T17:54:51.010
3 years ago