Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Wolfssl 信任管理问题漏洞
Vulnerability Description
Wolfssl(CyaSSL)是美国Wolfssl公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 WolfSSL 版本4.6.0 tls13.c文件中的 DoTls13CertificateVerify 函数存在信任管理问题漏洞,该漏洞源于不会停止对某些异常对等体行为的处理。
CVSS Information
N/A
Vulnerability Type
N/A