VDB
CVE-2021-3336
CVE-2021-3336
PUBLISHED
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
EPSS 0.18% · 39.7th percentile
Risk Scores
EPSS Score
0.18%
39.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | wolfssl | 5.6.6-1.3, 5.6.6-1.3build1, 5.5.4-2 |
| Ubuntu:20.04:LTS | wolfssl | *, *, * |
| Ubuntu:22.04:LTS | wolfssl | 0, 5.2.0-2, 5.2.0-1 |
| Ubuntu:25.10 | wolfssl | 0, 5.7.2-0.1 |
| Ubuntu:18.04:LTS | wolfssl | *, *, 0 |
| Ubuntu:16.04:LTS | wolfssl | 0, * |
Exploit Intelligence
Timeline
- Jan 29, 2021 CVE Published
- Mar 4, 2021 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-3336 third-party-advisory
- https://github.com/wolfSSL/wolfssl/pull/3676 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3336 third-party-advisory