CVE-2021-3601
CVE-2021-3601 is a security vulnerability that is still awaiting full analysis and scoring.
Key facts
- Actively exploited: Not listed in CISA KEV
- Published:
- Last modified:
Description
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes: https://github.com/openssl/openssl/issues/5236#issuecomment-119646061
Frequently asked questions
- What is CVE-2021-3601?
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes: https://github.com/openssl/openssl/issues/5236#issuecomment-119646061
- Is CVE-2021-3601 being actively exploited?
- It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
- How do I fix CVE-2021-3601?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2021-3601 published?
- CVE-2021-3601 was published on 2022-07-29 and last updated on 2023-11-07.