CVE-2026-5393
- EPSS 0.19%
- Veröffentlicht 10.04.2026 00:16:35
- Zuletzt bearbeitet 29.04.2026 13:58:55
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when...
CVE-2026-5448
- EPSS 0.12%
- Veröffentlicht 10.04.2026 00:16:35
- Zuletzt bearbeitet 29.04.2026 13:56:59
X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs di...
- EPSS 0.18%
- Veröffentlicht 09.04.2026 23:17:01
- Zuletzt bearbeitet 29.04.2026 14:08:46
A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) recipient, the function copies an ASN....
CVE-2026-5503
- EPSS 0.39%
- Veröffentlicht 09.04.2026 23:17:01
- Zuletzt bearbeitet 27.04.2026 17:53:27
In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_E...
CVE-2026-5504
- EPSS 0.11%
- Veröffentlicht 09.04.2026 23:17:01
- Zuletzt bearbeitet 29.04.2026 14:06:58
A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.
- EPSS 0.17%
- Veröffentlicht 09.04.2026 23:17:01
- Zuletzt bearbeitet 29.04.2026 14:05:22
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject ...
CVE-2026-5778
- EPSS 0.23%
- Veröffentlicht 09.04.2026 22:16:37
- Zuletzt bearbeitet 29.04.2026 14:50:39
Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. Th...
CVE-2026-5263
- EPSS 0.17%
- Veröffentlicht 09.04.2026 22:16:36
- Zuletzt bearbeitet 02.07.2026 15:17:11
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the name...
CVE-2026-5264
- EPSS 0.45%
- Veröffentlicht 09.04.2026 22:16:36
- Zuletzt bearbeitet 29.04.2026 17:18:21
Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.
CVE-2026-5772
- EPSS 0.23%
- Veröffentlicht 09.04.2026 22:16:36
- Zuletzt bearbeitet 29.04.2026 14:52:45
A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function re...