CVE-2022-25640

Published: 24 February 2022

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.

Priority

Low

CVSS 3 base score: 7.5

Status

Package                              Release   Status
wolfssl (Launchpad, Ubuntu, Debian)  bionic    Needs triage
                                     focal     Needs triage
                                     impish    Ignored (reached end-of-life)
                                     jammy     Needs triage
                                     trusty    Ignored (out of standard support)
                                     upstream  Released (5.2.0-1)
                                     xenial    Ignored (out of standard support)