CVE-2021-46880

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibreSSL versions prior to 3.4.2 OpenBSD versions prior to 7.0 errata 006

Description The issue allows authentication bypass due to an error for an unverified certificate chain sometimes being discarded in the x509 verify.c file. This occurs because the error is not properly handled, leading to potential security risks.

Recommendations For LibreSSL versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. For OpenBSD versions prior to 7.0 errata 006, apply the 7.0 errata 006 update to fix the problem. As a temporary workaround, consider restricting the use of unverified certificate chains until a patch is available.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

ALT-PU-2022-1067

ALT-PU-2023-4398

ALT-PU-2023-5593

CVE-2021-46880

Affected Products

Alt Linux

Libressl

Openbsd

CVE-2021-46880

Weakness Enumeration

Related Identifiers

Affected Products

References · 26