CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-2646 – Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
https://notcve.org/view.php?id=CVE-2026-2646
19 Mar 2026 — A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable.
• https://github.com/wolfSSL/wolfssl/pull/9748 • CWE-122: Heap-based Buffer Overflow
CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-2645 – Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
https://notcve.org/view.php?id=CVE-2026-2645
19 Mar 2026 — In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.
• https://github.com/wolfSSL/wolfssl/pull/9694 • CWE-358: Improperly Implemented Security Check for Standard
CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-1005 – Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
https://notcve.org/view.php?id=CVE-2026-1005
19 Mar 2026 — Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing a heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.
• https://github.com/wolfSSL/wolfssl/pull/9571 • CWE-191: Integer Underflow (Wrap or Wraparound)
CVSS: 2.2 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-0819 – Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
https://notcve.org/view.php?id=CVE-2026-0819
19 Mar 2026 — A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, Enc...
• https://github.com/wolfSSL/wolfssl/pull/9630 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-15346 – wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement
https://notcve.org/view.php?id=CVE-2025-15346
07 Jan 2026 — A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided. This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) ...
• https://github.com/wolfSSL/wolfssl-py/commit/b4517dece79f682a8f453abce5cfc0b81bae769d • CWE-287: Improper Authentication • CWE-306: Missing Authentication for Critical Function
CVSS: 1.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-13912 – Potential non-constant time compiled code with Clang LLVM
https://notcve.org/view.php?id=CVE-2025-13912
11 Dec 2025 — Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary code by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks.
• https://github.com/wolfSSL/wolfssl/pull/9148 • CWE-203: Observable Discrepancy
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-12889 – TLS 1.2 Client Can Downgrade Digest Used
https://notcve.org/view.php?id=CVE-2025-12889
21 Nov 2025 — With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.
• https://github.com/wolfSSL/wolfssl/pull/9395 • CWE-20: Improper Input Validation
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-11932 – Timing Side-Channel in PSK Binder Verification
https://notcve.org/view.php?id=CVE-2025-11932
21 Nov 2025 — The server previously verified the TLS 1.3 PSK binder using a non-constant-time method, which could potentially leak information about the PSK binder.
• https://github.com/wolfSSL/wolfssl/pull/9223 • CWE-203: Observable Discrepancy
CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-11931 – Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
https://notcve.org/view.php?id=CVE-2025-11931
21 Nov 2025 — Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt(), which is not used with TLS connections, only from direct calls from an application.
• https://github.com/wolfSSL/wolfssl/pull/9223 • CWE-191: Integer Underflow (Wrap or Wraparound)
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-12888 – Constant Time Issue with Xtensa-based ESP32 and X25519
https://notcve.org/view.php?id=CVE-2025-12888
21 Nov 2025 — Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low-memory implementation of X25519, which is now turned on as the default for Xtensa.
• https://github.com/wolfSSL/wolfssl/pull/9275 • CWE-203: Observable Discrepancy
