PT-2023-12600 · Openbsd+1 · Libressl+2

Ilya Shipitsin

Publicado

2022-01-17

Atualizado

2023-09-16

CVE-2021-46880

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibreSSL versions prior to 3.4.2 OpenBSD versions prior to 7.0 errata 006

Description The issue allows authentication bypass due to an error for an unverified certificate chain sometimes being discarded in the x509 verify.c file. This occurs because the error is not properly handled, leading to potential security risks.

Recommendations For LibreSSL versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. For OpenBSD versions prior to 7.0 errata 006, apply the 7.0 errata 006 update to fix the problem. As a temporary workaround, consider restricting the use of unverified certificate chains until a patch is available.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

ALT-PU-2022-1067

ALT-PU-2023-4398

ALT-PU-2023-5593

CVE-2021-46880

Produtos afetados

Alt Linux

Libressl

Openbsd

PT-2023-12600 · Openbsd+1 · Libressl+2

CVE-2021-46880

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26