CVE-2022-25640: Improper Authentication
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.
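The ordering check a TLS 1.3 server has to make when it requires mutual authentication, as an added example: a simplified model following RFC 8446, not wolfSSL's code. All type, function and variable names are this example's own, the sample flights are constructed, and signature verification itself is not modeled.

```c
#include <stddef.h>

/* Client messages a server can receive after its own Finished
 * (RFC 8446, section 4.4). Names are this example's, not wolfSSL's. */
typedef enum { MSG_CERTIFICATE, MSG_CERTIFICATE_VERIFY, MSG_FINISHED } msg_type;

typedef struct {
    msg_type type;
    int cert_count;   /* entries in certificate_list; MSG_CERTIFICATE only */
} client_msg;

typedef enum {
    HS_OK = 0,
    HS_UNEXPECTED_MESSAGE,   /* out-of-order, duplicate or missing message */
    HS_CERTIFICATE_REQUIRED, /* mutual auth required, no certificate given */
    HS_INCOMPLETE            /* flight ended before Finished */
} hs_result;

/* Constructed sample flights (not captured traffic). */
const client_msg flight_ok[] = {
    {MSG_CERTIFICATE, 1}, {MSG_CERTIFICATE_VERIFY, 0}, {MSG_FINISHED, 0}};
const client_msg flight_no_cert[] = {{MSG_FINISHED, 0}};

/* Validate the client's flight for a server that sent CertificateRequest
 * and requires mutual authentication. Finished is accepted only after a
 * non-empty Certificate AND a CertificateVerify have both been seen. */
hs_result check_client_flight(const client_msg *msgs, size_t n)
{
    int have_cert = 0, have_verify = 0;

    for (size_t i = 0; i < n; i++) {
        switch (msgs[i].type) {
        case MSG_CERTIFICATE:
            if (have_cert) return HS_UNEXPECTED_MESSAGE;
            if (msgs[i].cert_count <= 0) return HS_CERTIFICATE_REQUIRED;
            have_cert = 1;
            break;
        case MSG_CERTIFICATE_VERIFY:
            if (!have_cert || have_verify) return HS_UNEXPECTED_MESSAGE;
            have_verify = 1;
            break;
        case MSG_FINISHED:
            if (!have_cert) return HS_CERTIFICATE_REQUIRED;
            if (!have_verify) return HS_UNEXPECTED_MESSAGE;
            return (i + 1 == n) ? HS_OK : HS_UNEXPECTED_MESSAGE;
        }
    }
    return HS_INCOMPLETE;
}
```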