DescriptionCyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs770229, 792646

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wolfssl (PTS)bullseye4.6.0+p1-0+deb11u1fixed
bookworm, sid5.5.4-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


wolfssl actually fixed with the initial upload to unstable after the rename
according to maintainer addressed in 3.2.0 upstream

Search for package or bug name: Reporting problems