Description
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Attack Vector: network
- Complexity: low
- Privileges: none
- User Action: none
- Scope: unchanged
- Confidentiality: none
- Integrity: low
- Availability: none
- Weaknesses: CWE-295
Metadata
- Primary Vendor: OPENBSD
- Published: 4/12/2023
- Last Modified: 2/10/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
- openbsd : libressl
- openbsd : openbsd