wolfSSL Certificate Forgery Vulnerability via Untrusted Intermediate Certificates

A vulnerability in the wolfSSL OpenSSL compatibility layer allows for certificate forgery. The issue arises when the leaf certificate's signature is not properly verified, enabling an attacker to exploit this flaw by providing an untrusted intermediate certificate with Basic Constraints 'CA:FALSE', which is legitimately signed by a trusted root. This vulnerability affects applications using the OpenSSL compatibility API directly, such as those integrating wolfSSL into nginx or haproxy. The native wolfSSL TLS handshake path is not affected.

Impact

Exploitation of this vulnerability allows an attacker to forge a certificate for any subject name, using any public key and arbitrary signature bytes, while the wolfSSL function 'wolfSSL_X509_verify_cert' incorrectly returns a success status.