CVE-2022-25638

In wolfSSL, pre-5.2.0 versions are affected: during a TLS 1.3 handshake, if the sig_algo field differs between the certificate_verify and certificate messages, certificate validation may be bypassed, enabling potential authentication bypass. Affected product: wolfSSL library (versions before 5.2....

CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...