Vulnerability Description
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Libressl | < 3.4.2 |
| Openbsd | Openbsd | < 7.0 |
Related Weaknesses (CWE)
References
- https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt (Release Notes)
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/006_x509.patch.sig (Patch)
- https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8 (Patch)
- https://security.netapp.com/advisory/ntap-20230517-0006/
FAQ
What is CVE-2021-46880?
CVE-2021-46880 is a vulnerability with a CVSS score of 9.8 (CRITICAL). x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
How severe is CVE-2021-46880?
CVE-2021-46880 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-46880?
Check the references section above for vendor advisories and patch information. Affected products include: OpenBSD LibreSSL (before 3.4.2) and OpenBSD (before 7.0 errata 006).