Lucene search

MitreCVE-2021-46880

HistoryApr 15, 2023 - 12:15 a.m.

CVE-2021-46880

2023-04-1500:15:07

CWE-295

mitre

web.nvd.nist.gov

libressl

x509

x509_verify.c

authentication bypass

cve-2021-46880

nvd

openbsd

certificate chain

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

43.5%

JSON

x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.

Affected configurations

Nvd

Node

openbsdlibresslRange<3.4.2

openbsdopenbsdRange<7.0

VendorProductVersionCPE
openbsdlibressl*cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*
openbsdopenbsd*cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openbsd	libressl	*	cpe:2.3:a:openbsd:libressl::::::::
openbsd	openbsd	*	cpe:2.3:o:openbsd:openbsd::::::::

References

ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt

ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/006_x509.patch.sig

github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8

security.netapp.com/advisory/ntap-20230517-0006/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

43.5%

JSON

Related for CVE-2021-46880