CVE-2026-6291
- EPSS 0.15%
- Veröffentlicht 25.06.2026 16:41:42
- Zuletzt bearbeitet 26.06.2026 16:51:09
Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decr...
CVE-2026-6094
- EPSS 0.29%
- Veröffentlicht 25.06.2026 16:35:48
- Zuletzt bearbeitet 26.06.2026 16:51:02
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.
CVE-2026-5477
- EPSS 0.42%
- Veröffentlicht 10.04.2026 06:16:05
- Zuletzt bearbeitet 27.04.2026 17:51:47
An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and t...
CVE-2026-5500
- EPSS 0.36%
- Veröffentlicht 10.04.2026 04:17:17
- Zuletzt bearbeitet 27.04.2026 18:15:22
wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag c...
CVE-2026-5501
- EPSS 0.18%
- Veröffentlicht 10.04.2026 04:17:17
- Zuletzt bearbeitet 27.04.2026 17:57:21
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by ...
CVE-2026-5466
- EPSS 0.15%
- Veröffentlicht 10.04.2026 04:17:16
- Zuletzt bearbeitet 29.04.2026 13:49:42
wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any ...
CVE-2026-5479
- EPSS 0.15%
- Veröffentlicht 10.04.2026 04:17:16
- Zuletzt bearbeitet 29.04.2026 13:45:33
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses th...
CVE-2026-5188
- EPSS 0.14%
- Veröffentlicht 10.04.2026 04:17:15
- Zuletzt bearbeitet 29.04.2026 13:54:37
An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter ...
CVE-2026-5460
- EPSS 0.28%
- Veröffentlicht 10.04.2026 00:16:36
- Zuletzt bearbeitet 29.04.2026 14:00:49
A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner function TLSX_KeyShare_ProcessPqcClient_ex() fr...
CVE-2026-5392
- EPSS 0.16%
- Veröffentlicht 10.04.2026 00:16:35
- Zuletzt bearbeitet 29.04.2026 14:02:43
Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData().