CVE-2021-38597

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 4.8.1

Description The issue arises when wolfSSL incorrectly skips OCSP verification in certain situations where the response data contains the NoCheck extension, despite the data being irrelevant. This can lead to potential security risks. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions prior to 4.8.1, update to version 4.8.1 or later to resolve the issue. As a temporary workaround, consider disabling OCSP verification until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation. Avoid using the NoCheck extension in OCSP responses until the issue is resolved.