{"id":"CVE-2021-38597","details":"wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.","modified":"2026-04-11T21:23:12.992010Z","published":"2021-08-12T15:15:08.017Z","references":[{"type":"ADVISORY","url":"https://www.wolfssl.com/docs/wolfssl-changelog/"},{"type":"FIX","url":"https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wolfssl/wolfssl","events":[{"introduced":"0"},{"fixed":"723ed009ae5dc68acc14cd7664f93503d64cd51d"},{"fixed":"f93083be72a3b3d956b52a7ec13f307a27b6e093"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.8.1"}]}}],"versions":["WCv4-rng-stable","l","list","v0.5","v1.8.8.0","v1.9.0","v2.0.2","v2.0.3","v2.0.6","v2.0.8","v2.0rc1","v2.0rc2","v2.0rc2b","v2.0rc3","v2.4.2","v2.4.6","v2.4.7","v2.6.0","v2.6.2","v2.7.0","v2.7.2","v2.8.0","v2.8.2","v2.8.3","v2.8.4","v2.8.5","v2.8.5a","v2.8.6","v2.9.0","v2.9.1","v2.9.2","v2.9.4","v3.10.0-stable","v3.10.0a","v3.10.2-stable","v3.10.3","v3.11.0-stable","v3.11.1-tls13-beta","v3.12.0-stable","v3.12.2-stable","v3.13.0-stable","v3.13.2","v3.13.3","v3.14.0-stable","v3.14.0a","v3.14.0b","v3.14.2","v3.14.4","v3.15.0-stable","v3.15.3-stable","v3.15.5-stable","v3.15.5a","v3.15.6","v3.15.7-stable","v3.2.0","v3.2.4","v3.2.6","v3.3.0","v3.3.3","v3.4.0","v3.4.2","v3.4.6","v3.6.8","v3.6.9","v3.7.0","v3.7.1","v3.7.3","v3.8.0","v3.9.0","v3.9.1","v3.9.10-stable","v3.9.10b","v3.9.6","v3.9.6w","v3.9.8","v4.0.0-stable","v4.1.0-stable","v4.2.0-stable","v4.2.0c","v4.3.0-stable","v4.4.0-stable","v4.5.0-stable","v4.6.0-stable","v4.7.0-stable","v4.7.1r","v4.8.0-stable"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Line","source":"https://github.com/wolfssl/wolfssl/commit/723ed009ae5dc68acc14cd7664f93503d64cd51d","signature_version":"v1","target":{"file":"wolfcrypt/src/port/caam/caam_qnx.c"},"id":"CVE-2021-38597-1072c300","digest":{"threshold":0.9,"line_hashes":["129559050910902772593620305703892358584","46892446780360592572869157630891092452","208066940593629570183817566574157000651","11078029748587033735632828975921038305","81904379545604931314036370645668216769","661704961450447980007833454441287648"]}},{"deprecated":false,"signature_type":"Line","source":"https://github.com/wolfssl/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093","signature_version":"v1","target":{"file":"wolfcrypt/src/asn.c"},"id":"CVE-2021-38597-5198d99d","digest":{"threshold":0.9,"line_hashes":["166717417374588321458813928114453004118","100066283506131351387996469012373827165","261546692408925214412452524309330904915","340175888677556585777169330515393971171","334046187563482848033628567649019522681","204990480694242824373821406926180262354","58078628999482122902017988352386455451","15943859578411976128162647846380111970","33618659943274465574035882273229317353"]}},{"deprecated":false,"signature_type":"Line","source":"https://github.com/wolfssl/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093","signature_version":"v1","target":{"file":"wolfssl/wolfcrypt/asn.h"},"id":"CVE-2021-38597-617fcaf1","digest":{"threshold":0.9,"line_hashes":["153261655079507998243035182815092040257","94397097935125013550427540131195665170","320149238350935993266883141139327796044","44782353481244881549460795752955312635"]}},{"deprecated":false,"signature_type":"Function","source":"https://github.com/wolfssl/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093","signature_version":"v1","target":{"function":"ParseCertRelative","file":"wolfcrypt/src/asn.c"},"id":"CVE-2021-38597-70dc61c3","digest":{"length":9655,"function_hash":"125232856949344471807192566925669934083"}},{"deprecated":false,"signature_type":"Function","source":"https://github.com/wolfssl/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093","signature_version":"v1","target":{"function":"DecodeBasicOcspResponse","file":"wolfcrypt/src/asn.c"},"id":"CVE-2021-38597-b66bd05f","digest":{"length":2542,"function_hash":"255771284546534536757906501825746558559"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38597.json","vanir_signatures_modified":"2026-04-11T21:23:12Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}