What is CVE-2021-32665?

CVE-2021-32665 is a high-severity vulnerability in Wireapp Wire-ios, classified under Insufficient Verification of Data Authenticity. CVSS score: 8.8/10. Published 2021-06-03.

How severe is CVE-2021-32665?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Wireapp Wire-ios

CVE-2021-32665

wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conve…

EPSS: 0.001 (31.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Wireapp Wire-ios — versions <= 3.8.0

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

github.com/wireapp/wire-ios/security/advisories/GHSA-mc65-7w99-c6qv (x_refsource_CONFIRM)
github.com/wireapp/wire-ios-data-model/commit/bf9db85886b12a20c8374f55b7c4a610e… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32665?: CVE-2021-32665 is a high-severity vulnerability in Wireapp Wire-ios, classified under Insufficient Verification of Data Authenticity. CVSS score: 8.8/10. Published 2021-06-03.
How severe is CVE-2021-32665?: High severity. CVSS v3 base score is 8.8 out of 10.